Illustration by Alex Castro / The Verge

LastPass says thereā€™s no evidence of a data breach following usersā€™ reports that they were notified of unauthorized login attempts, as reported by AppleInsider. The password manager maintains that it was never compromised, and usersā€™ accounts havenā€™t been accessed by bad actors.

Something very strange and bad is happening to a lot of people’s @LastPass accounts. I posted this to Hacker News and it gathered 192 comments, including 7 separate reports of master password breaches & login attempts from the same Brazil IP range. Uhh. https://t.co/tcM0aFdavv`

ā€” Greg Technology (@technology_greg) December 27, 2021

Reports started cropping up on the Hacker News forum after a LastPass user created a post to highlight the issue. He claims that LastPass warned him of a login attempt from Brazil using his master password. Other users quickly responded to the post, noting that they experienced something similar. As the original poster (@technology_greg) points out in a tweet, some were also alerted of an attempt from Brazil, while other attempts were traced back to different countries. This, understandably, raised concerns that a breach took place.

Nikolett Bacso-Albaum, the senior director of LogMeIn Global PR told The Verge that the alerts users received were related ā€œto fairly common bot-related activity,ā€ involving malicious attempts to log in to LastPass accounts using email addresses and passwords that bad actors sourced from past breaches of third-party services (i.e. not LastPass).

ā€œItā€™s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party,ā€ Basco-Albaum said. ā€œWe regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.ā€

Even if LastPass wasnā€™t actually compromised, itā€™s still a good idea to fortify your account with multifactor authentication, which uses outside sources to verify your identity before you log in to your account.

By

Leave a Reply

X