News Categories

LastPass users are being warned that their master passwords are compromised

By Kenny Yeo - on 29 Dec 2021, 9:46am

LastPass users are being warned that their master passwords are compromised

(Image source: LastPass)

LastPass users have reported that their master passwords have been compromised and that they have received warnings that someone is trying to log into their accounts from unknown locations.

The email notification from LastPass goes like this:

Someone just used your master password to try to log in to your account from a device or location we didn't recognize.

LastPass blocked this attempt, but you should take a closer look. Was this you?

This issue has not gone unnoticed by LastPass who said that this spate of activity was caused by malicious or bad actors attempting to access accounts with email addresses and passwords gleaned from third-party breaches.

LastPass said:

Credential stuffing attacks occur when a malicious or bad actor attempts to access user accounts (e.g., in this case, LastPass) using e-mail addresses and passwords obtained from third-party breaches related to other unaffiliated services. 

While we have observed a small uptick in this activity, we are utilizing multiple technical, organizational, and operational methods designed to protect against credential stuffing attempts. Importantly, we also want to reassure you that there is no indication, at this time, that LastPass or LogMeIn were breached or compromised.  

That said, reports say that some users who have received this warning have said that their passwords are unique to LastPass and therefore couldn't have been obtained from third-party breaches. LastPass has yet to reply to these concerns.

What's more worrying is that some users who changed their passwords after receiving the warning, received another warning later that someone has, once again, tried to log in to their account.

If you are a LastPass user who has received the warning email, change your password to a strong one and enable multifactor authentication.

Source: BleepingComputer, LastPass

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.