Many LastPass users reported that their master passwords were compromised after receiving an email alert that someone had tried to use them to log in to their accounts from unknown locations.
The email notifications also state that the login attempts were blocked because they came from unfamiliar locations around the world.
“Someone just used your master password to try to sign in to your account from a device or location we didn’t recognize,” the warning said. “LastPass blocked this attempt, but you should take a closer look. Was that you?”
Reports of compromised master passwords of LastPass users have appeared on several social networks and online platforms, including Twitter, Reddit and Hacker News.
LastPass has investigated reports of blocked login attempts and claims that the password manager has not been compromised, and that hackers have not accessed user accounts.
Nikolett Bacso-Albaum, director of LogMeIn Global PR, explained that these warnings were related to common bot activity, including attempts by hackers to log in to LastPass user accounts using email addresses and passwords stolen in previous attacks on other online services.
“It is important to note that we have no indication that the accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor this type of activity and will continue to take steps to ensure that LastPass, its users and their data remain protected and secure,” added Bacso-Albaum.
However, users who received these warnings said that their passwords are unique to LastPass and are not used anywhere else.
LastPass did not provide any details on how those behind these login attempts obtained users' master passwords, but researcher Bob Diachenko says he recently found thousands of LastPass credentials while going through RedLine Stealer malware logs. However, LastPass users who received alerts say their email addresses are not among the login information collected by the RedLine Stealer malware. This means that, at least for some of the users, those behind the login attempts used some other means to steal the master passwords.
Some users said they changed their master passwords when they received the alert, only to receive another alert afterwards.
Other users tried deleting their LastPass accounts after receiving these warnings, but received an error message.
Last night, LastPass Vice President Dan DeMichele spoke up, explaining that “at least some of the warnings were probably triggered by mistake” because of an issue that LastPass has now resolved. He said there was no indication that any LastPass account had been compromised, and that the company had found no evidence that LastPass user credentials were collected through malware, web browser extensions or phishing attacks. LastPass will continue to investigate “what caused the launch of automated emails with security alerts from the system.” He pointed out that the LastPass security model is such that LastPass does not store, does not know and does not have access to users' master passwords.
Even if LastPass was not compromised, LastPass users are advised to enable multi-factor authentication so that their accounts stay protected should their master password be compromised.
Source: Informacija.rs by www.informacija.rs.