Lastpass says there’s no evidence of a data breach following users’ reports that they were notified of unauthorized login attempts. The password manager maintains that it was never compromised, and users’ accounts have n’t been accessed by bad actors.
Nikolett bacso-albaum, the senior director of LogMeIn global PR, said the alerts users received were related’to fairly common bot-related activity’. The alerts were related to malicious attempts to log in to LastPass accounts using email addresses and passwords that bad actors sourced from past breaches of third-party services.
‘we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party,’ basco-albaum said.’we regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure,’ he added.
Lastpass vice president of product management Dan demichele says at least some of the alerts were’likely triggered in error’.
Lastpass is aware of and has been investigating recent reports of users receiving e-mails alerting them to blocked login attempts. At this time we have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of this credential stuffing. We continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems.
I posted this to Hacker News. It gathered 192 comments, including 7 separate reports of master password breaches and login attempts from the same Brazil IP range.
Lastpass user claims that LastPass warned him of a login attempt from Brazil using his master password. Other users quickly responded to the post, noting that they experienced something similar.
Lastpass was n’t actually compromised, but it’s still a good idea to fortify your account with multifactor authentication. Multifactor authentication uses outside sources to verify your identity before you log in to your account.