LastPass says there’s no evidence of a data breach following reports from users that they’ve been notified of unauthorized login attempts, as reported by AppleInsider. The password manager claims that it has never been compromised and users’ accounts have not been accessed by malicious parties.
Something very strange and bad is happening to many people @LastPass bills. I posted this on Hacker News and it garnered 192 responses, including 7 separate reports of master password breaches and login attempts from the same IP range in Brazil. uh. https://t.co/tcM0aFdavv`
— Greg Technology (@technology_greg) December 27, 2021
Reports began to surface about the Hacker News forum after a LastPass user creates a post highlighting the issue. He claims that LastPass warned him about a login attempt from Brazil with his master password. Other users quickly responded to the post, noting that they experienced something similar. As the original poster (@technology_greg) points out in a tweet, some were also warned about an attempt from Brazil, while others were traced back to different countries. This understandably raised concerns that an infringement had occurred.
Nikolett Bacso-Albaum, the senior director of LogMeIn Global PR, said: The edge that the warnings users received related to “fairly common bot-related activity”, where malicious attempts were made to log into LastPass accounts with email addresses and passwords that attackers came from previous breaches of third-party services (i.e. not LastPass ).
“It’s important to note that we have no indication that accounts have been successfully opened or that the LastPass service has been compromised in any other way by an unauthorized party,” Basco-Albaum said. “We regularly monitor for this type of activity and will continue to take steps to ensure that LastPass, its users, and their data remain protected and secure.”
Even if LastPass isn’t actually hacked, it’s still a good idea to bolster your account with multi-factor authentication, which uses external sources to verify your identity before logging into your account.