LastPass is arguably one of the popular password managers, coming with various security features for users to protect their online credentials. However, it could have been exposed to a new security breach as many users have recently reported that their master passwords might have been compromised. Here are the details.
LastPass Users Prone to Security Breach?
It is reported that various LastPass users have received email warnings mentioning login attempts to their accounts from unfamiliar locations across the world recently. Moreover, several users report that they cannot disable and delete their LastPass accounts after receiving the warnings due to a “Something went wrong: A” error. This was initially reported by Greg Sadetsky (via Hacker News).
Many of them took their concerns to social media platforms like Twitter and Reddit, advising fellow LastPass users to change their master password, which is the primary password to access their entire password library. Some users also stated that they received unfamiliar login alerts for their LastPass accounts even after they changed their master passwords.
Furthermore, the report cites security researcher Bob Diachenko, who recently discovered thousands of LastPass credentials via Redline Stealer malware logs. This further raises security concerns.
However, LogMeIn’s Global PR/AR Senior Director Nikolett Bacso-Albaum denies all this and highlights that “LastPass investigated recent reports of blocked login attempts and determined the activity is related to the fairly common bot-related activity.“
LastPass, in a statement to The Verge, also denies a security breach and suggests that the security emails were “triggered” from its systems. The company is continuing to figure out why these emails were sent.
Whatever the case is, we’d still recommend you enable multifactor authentication to stay safe. And if you are skeptical about using LastPass, you can check out other alternative password managers for storing your passwords. Also, let us know whether or not you have received any warning emails from LastPass regarding the ongoing credential stuffing attacks in the comments below.