LastPass Users’ Master Passwords May Have Been Leaked But the Company Denies

LastPass is arguably one of the popular password managers, coming with various security features for users to protect their online credentials. However, it could have been exposed to a new security breach as many users have recently reported that their master passwords might have been compromised. Here are the details.

LastPass Users Prone to Security Breach?

It is reported that various LastPass users have receivedemail warnings mentioning login attemptsto their accounts from unfamiliar locations across the world recently. Moreover, several users report that they cannot disable and delete their LastPass accounts after receiving the warnings due to a “Something went wrong: A” error. This was initially reported by Greg Sadetsky (via Hacker News).

Many of them took their concerns to social media platforms like Twitter andReddit, advising fellow LastPass users to change their master password, which is theprimary password to access their entire password library.Some usersalso stated that they received unfamiliar login alerts for their LastPass accounts even after they changed their master passwords.If you use LastPass, please change your Master Password. And ensure you’re using alerting and an Authenticator app for MFA.https://t.co/RKD1yrE59Y— Adam Hall 🇳🇿🇺🇸 (@adhalls)December 28, 2021

If you use LastPass, please change your Master Password. And ensure you’re using alerting and an Authenticator app for MFA.https://t.co/RKD1yrE59Y— Adam Hall 🇳🇿🇺🇸 (@adhalls)December 28, 2021

Furthermore, the reportcitessecurity researcher Bob Diachenko, who recently discovered thousands of LastPass credentials via Redline Stealer malware logs. This further raises security concerns.

However, LogMeIn’s Global PR/AR Senior Director Nikolett Bacso-Albaum denies all this and highlights that “LastPass investigated recent reports of blocked login attempts and determined the activity is related to the fairly common bot-related activity.“

LastPass, in a statement toThe Verge, also denies a security breach and suggests that the security emails were “triggered” from its systems. The company is continuing to figure out why these emails were sent.

Whatever the case is, we’d still recommend you enable multifactor authentication to stay safe. And if you are skeptical about using LastPass, you cancheck out other alternative password managersfor storing your passwords. Also, let us know whether or not you have received any warning emails from LastPass regarding the ongoing credential stuffing attacks in the comments below.

Dwaipayan Sengupta

A geek at heart, you’ll find me fidgeting with an iOS device or sitting in front of the laptop, scouring the internet to find interesting technological innovations. In my free time, you’d find me playing Valorant or listening to Pink Floyd.

Add new comment

Name

Email ID

Δ

01

02

03

04