Users of the password management software LastPass reported last week that they received emails from the company about unauthorized login attempts using their individual master password. LastPass took a stand on what happened and assured that no user information had been shared with third parties.
What happened?
On December 28, 2021, users of the password manager LastPass drew attention to the Hacker News platform that they had received emails from the service provider informing them of blocked login attempts with their master password in unusual locations. The emails did not have typical characteristics of phishing emails and appeared authentic. Suspicions were raised that LastPass had fallen victim to a data leak and passed on information to unauthorized third parties.
After a thorough review of the unusual activity, LastPass assured that no user data had been compromised, nor had the service provider been the victim of a malware attack or phishing campaign. Instead, bot activity was suspected of being behind the events.
Further investigations ultimately revealed that the sending of the emails was due to an error in the alarm system. A limited number of LastPass users had mistakenly received automated security alerts from the company that were triggered for no reason.
LastPass adjusted its security alert systems in response to the incident, assuring that by using the zero-knowledge security model , no master passwords of users would be stored on the company’s servers at any time.
What can I do?
Always use strong passwords and never use them multiple times for different applications.
If you also use your password manager’s master password for other applications or tools, adjust it immediately.
In any case, if you are a user of a sensitive tool such as a password manager, you should enable two-factor authentication. This will help you ensure that unauthorized persons do not gain access to your systems.
If you suspect that your password has been compromised, change it immediately! The following applies here: Prevention is better than cure.
