LastPass users receive warnings of compromised master passwords
Many LastPass users claim that their master passwords were compromised after receiving email warnings that someone had tried to use them to log into their accounts from unknown locations.
The email notifications mention that the login attempts have been blocked because they were made from unfamiliar devices or locations.
LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum said that LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a threat actor attempts to access user accounts using email addresses and passwords obtained from third-party breaches related to other unaffiliated services.
He added that they regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure
LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks. However, users who received these warnings have stated that their passwords are unique to LastPass and not used elsewhere.
Security researcher Bob Diachenko said he recently found thousands of LastPass credentials while going through Redline Stealer malware logs.
The LastPass customers who received such login alerts said that their emails were not in the list of login pairs harvested by RedLine Stealer found by Diachenko.
So it is believed that the threat actors behind the takeover attempts might have used some other means to steal their targets’ master passwords.
Some customers who tried to change their master passwords received another alert after the password was changed.
Also users who tried disabling and deleting their LastPass accounts after receiving these warnings also report receiving “Something went wrong: A” errors after clicking the “Delete” button.
LastPass users are recommended to enable multifactor authentication to protect their accounts even if their master password was compromised.
The post LastPass users receive warnings of compromised master passwords first appeared on Cybersafe News.