LastPass is arguably one of the popular password managers, with several security features that help users protect their online credentials. However, it may have been exposed to another security breach as many users have recently reported that their master passwords may have been compromised. Here are the details.
LastPass users prone to security breach?
It has been reported that several LastPass users have received email alerts stating login attempts to their accounts from unknown locations around the world recently. Additionally, several users report that they are unable to disable and delete their LastPass accounts after receiving the warnings due to an error “Something went wrong: A”. This was initially reported by Greg Sadetsky (via Hacker News).
Many of them took their concerns to social media platforms such as Twitter and reddit, advising other LastPass users to change their master password, which is the primary password to access their entire password library. Some users also stated that they were receiving unknown login notifications for their LastPass accounts even after changing their master passwords.
Furthermore, the report quotes security researcher Bob Diachenko, who recently discovered thousands of LastPass credentials through Redline Stealer malware logs. This raises even more security concerns.
LogMeIn’s Global PR/AR Senior Director Nikolett Bacso-Albaum denies all of this, stressing that “LastPass has investigated recent reports of blocked login attempts and determined that the activity is related to the fairly common bot-related activity.“
LastPass, in a statement to The edge, also denies a security breach and suggests the security emails were “triggered” by his systems. The company continues to investigate why these emails were sent.
Either way, we still recommend enabling multi-factor authentication to stay safe. And if you’re skeptical about using LastPass, you can: check out other alternative password managers to save your passwords. Also, let us know whether or not you have received any warning emails from LastPass regarding the ongoing credential padding attacks in the comments section below.