Password managers are a great way to improve your security online, but it would be a nightmare scenario if your password manager’s account were hacked. This week, some LastPass users report that their master passwords appear to have been compromised, but LastPass says that technically things are working the way they are supposed to.
Multiple LastPass users on the Internet shared their dire situation where an email notification revealed that someone used their master password to try to access their account. Fortunately, the legitimate warnings notify users that account access has been blocked due to the region in which the attempt was made.
LastPass, like other password managers, relies on a “master password” as the key to unlock a user’s passwords. The encrypted vault with passwords and other data is stored on the company’s servers, but the master password is not.
In a statement to How-To-GeekLastPass claims that there is currently no evidence that a third party breached LastPass security, but rather speculates that affected users may be able to use their master password for other services.
LastPass has investigated recent reports of blocked login attempts and found that the activity was related to fairly common bot-related activity where a malicious or malicious actor tries to access user accounts (in this case LastPass) with email addresses and passwords obtained from third parties. Violations of Contracts Related to Other Unaffiliated Services. It is important to note that we have no evidence that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor this type of activity and will continue to take steps to ensure that LastPass, its users and their data remain safe and secure.
What makes this situation worrying, however, is that some users on LastPass have used completely unique passwords (which is obviously a good practice) and that some are seeing their accounts being accessed and locked out again even after changing the master password (via Beeping computer).
At the moment, LastPass security appears to be working properly and these security breach attempts are being blocked. However, if you’re a LastPass user, changing your password and possibly those of particularly sensitive accounts now is probably a good idea.
More on passwords and security:
FTC: We Use Income Earning Auto Affiliate Links. More.