LastPass is arguably one of the most popular password managers, and it comes with various security features for users to protect their credentials online. However, it could have been exposed to a new security breach, as many users recently reported that their master passwords could have been compromised. Here are the details.
Are LastPass users prone to security breaches?
Several LastPass users are reported to have received email warnings mentioning login attempts to your accounts from unknown locations around the world recently. Additionally, multiple users are reporting that they are unable to disable and delete their LastPass accounts after receiving the warnings due to a “Something went wrong: A” error. This was initially reported by Greg Sadetsky (via Hacker News).
Many of them took their concerns to social media platforms such as Twitter and Reddit, and advised other LastPass users to change their master password, which is the master password to access your entire password library. Some users also stated that they received unknown login alerts for their LastPass accounts even after changing their master passwords.
In addition, the report appointment security researcher Bob Diachenko, who recently discovered thousands of LastPass credentials through Redline Stealer’s malware logs. This further increases security concerns.
However, Nikolett Bacso-Albaum, LogMeIn’s Senior Director of Global Public Relations / RA, denies all this, stressing that “LastPass investigated recent reports of blocked login attempts and determined that the activity is related to fairly common bot-related activity.”
LastPass, in a statement to The edge, also denies a security breach and suggests that the security emails were “triggered” from their systems. The company continues to find out why these emails were sent.
Whatever the case, we recommend that you enable multi-factor authentication to stay safe. And if you are in doubt about using LastPass, you can check out other alternative password managers to store your passwords. Also, let us know if you’ve received any warning emails from LastPass regarding ongoing credential stuffing attacks in the comments below.