Last Updated on 06/01/2022 by Ulka
LastPass said there was no evidence of data breaches after reporting that users were notified of unauthorized login attempts, AppleInsider reported. Password managers claim that their passwords have never been compromised and that malicious attackers have never accessed their user accounts. Nikolett Bacso Albaum, Senior Director of
LogMeIn Global PR, first told The Verge that the alerts they received were related to malicious attempts at their LastPass account, which is a “pretty common bot-related activity.” Register an address and password that came from a past breach of party service (that is, not LastPass).
“It’s important to note that there is no evidence that your account has been successfully accessed or that your LastPass service has been compromised by an unauthorized party,” Basco Albaum said. “We regularly monitor this type of activity and will continue to take steps to ensure that LastPass, its users, and their data remain safe and secure.” But Dan DeMichele’s Product Management Officer.
Vice President LastPass issued a statement late Tuesday night. A more detailed explanation to The Verge, stating that at least some of the warnings were “probably triggered by an error” due to LastPass’s current problems. As mentioned earlier, LastPass recognizes and investigates recent reports from users who receive emails notifying them of blocking login attempts. We investigated this activity quickly, but at this time there is no evidence that this credential stuffing was compromised by an unauthorized third party, and your LastPass credentials are malware. No evidence was found that was collected. Rogue browser extensions or phishing campaigns.
However, with great care, we continued to investigate why automated security alert emails were triggered by the system. Since then, investigations have shown that some of these security alerts sent to a limited subset of LastPass users are likely to have been accidentally triggered. Therefore, we have tuned the security alert system to resolve this issue.
These alerts were triggered by LastPass’s ongoing efforts to protect customers from malicious attackers and credential cramming attempts. It’s also important to repeat that LastPass’s zero-knowledge security model means that LastPass never stores, knows, or accesses a user’s master password. We will continue to monitor for anomalous or malicious activity on a regular basis and, if necessary, take steps to ensure that LastPass, its users, and their data are protected and secure.
After a LastPass user posted a post highlighting the issue, the report appeared on the Hacker News forum. He claims that LastPass warned him about trying to log in from Brazil with his master password. Other users quickly responded to the post and noticed a similar experience. As the original contributor (@technology_greg) pointed out in a tweet, some people noticed the attempt from Brazil, while others went back to different countries. Not surprisingly, this raised concerns that a breach had occurred.
Even if LastPass hasn’t actually been compromised, we recommend that you use multi-factor authentication to verify your identity using an external source before logging in to your account to strengthen your account.