The LastPass report states that there is no evidence of data breach following user reports of unauthorized login attempts. Apple Insider. The password manager claims that this has never been compromised and that users’ accounts have not been accessed by bad actors.
Nikolett Bacso-Albaum, senior director of LogMeIn Global PR, said at the outset On the edge User alerts are related to the “most common bot-related activity”, including malicious attempts to log in to LastPass accounts using bad addresses and passwords that bad actors have received from past violations of third-party services (i.e. not LastPass).
“It should be noted that we have no indication that the accounts have been successfully accessed or that the LastPass service was compromised by an unauthorized party,” Basco-Albaum said. “We are constantly monitoring this type of activity and will take steps designed to ensure that LastPass, its users and their data are secure and secure.”
However, Dan Demichel, vice president of product management at LastPass, released a statement on Tuesday night On the edge With a more detailed explanation, LastPass says that at least some alerts may have been “triggered by error” due to an issue that has now been resolved.
As mentioned earlier, LostPass is aware and is investigating recent reports of users receiving emails, warning of blocked login attempts.
We worked to expedite this process, and we have no indication that LastPass accounts have been compromised by an unauthorized third party as a result of this certification replenishment, or that the user’s LastPass credentials have been harvested by malware. Rogue browser extensions or phishing campaigns.
However, with the utmost caution, we continued to investigate in an effort to find out what triggered the automatic security alert emails from our computers.
Our investigation has found that some of these security alerts sent to a limited subgroup of LastPass users may have been triggered by mistake. As a result, we adjusted our security alarm systems and then this issue was resolved.
These warnings were triggered by the efforts of Lastpass to protect its customers from bad actors and to replenish their credentials. It is important to emphasize again that LastPass’s Zero-Knowledge security model does not store, know or access users’ primary passwords (s) at any time.
We’re constantly monitoring for unusual or malicious activity and, as needed, taking steps designed to ensure that LastPass, its users and their data are secure and secure.
Something very strange and terrible is happening to many @LastPass Accounts. I posted this on Hacker News, which collected 192 comments from the same Brazil IP range, including 7 separate reports on primary password violations and login attempts. அட. https://t.co/tcM0aFdavv`
– Greek technology (technology_greg) December 27, 2021
Reports about began to emerge Hacker News Forum After LastPass user created a post to highlight the issue. He says LastPass warned him about trying to sign in using his master password from Brazil. Other users responded quickly to the post, noting that they had experienced something similar. As the original poster (technology_greg) pointed out in a tweet, some were warned about an attempt from Brazil, while other attempts were found in different countries. This, understandably, raised concerns that a breach had taken place.
Although LastPass is not really compromised, it is good to strengthen your account Multiple factor recognition, Uses external sources to verify your identity before you sign in to your account.
Updated December 29, 12:20 AM ET: Added new report from LastPass