LastPass claims user credentials haven’t been leaked in a data breach, but many of their customers believe otherwise.
Yesterday, many people took to online forums and Twitter to report unusual activity with their LastPass accounts. They were all claiming to have received an email from LastPass stating that their master password — the one used to access all their stored passwords — was used by someone in an attempt to log in to their account. Most of these attempted logins seemed to originate from Brazil.
As AppleInsider reported, most reports came from people who haven’t used their LastPass account in a long time, and subsequently haven’t changed their master password in at least just as long. This would indicate that the password list the hacker could be using was not leaked recently.
LastPass’ statement on the incident
Although it was initially believed that these unauthorized login attempts could have been the result of a credential snuffing attack — a type of cyberattack whereby cybercriminals use bots to launch large-scale automated login requests using stolen login credentials — In LastPass’ most recent statement regarding the incident, the company assured its users that this is not the case:
“We quickly worked to investigate this activity and, at this time, have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of these credential stuffing attempts, nor have we found any indication that user’s LastPass credentials were harvested by malware, rogue browser extensions, or phishing campaigns.”
LastPass went on to state that it believes the emails were sent to users in error, saying “we continued to investigate [the issue] in an effort to determine what was causing the automated security alert emails to be triggered from our systems” and that “these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error.”
Although this will come as reassuring news for many, there are sure to still be those who continue to believe that there may be a more serious ongoing security issue.
Looking for a super-secure password manager?
Then Trend Micro Password Manager — which was created by one of the world’s leading cybersecurity companies — is for you!
Trend Micro Password Manager can keep you safe and secure online, by enabling you to sign in to each website using a unique, ultra-secure password. You can access all your passwords across all your devices too, giving you complete control no matter where you are.
Some of Trend Micro Password Manager’s features include:
- One-Click Log In — Works with your browser for quick and easy access.
- One-Click Form Fill — Automatically fills in your info when shopping online or signing up for services.
- Keystroke Encryption — Protects everything you type from being read by cybercriminals.
- Cloud Sync — Backs up and syncs passwords, notes, and form fill information.
Click the button below to learn more!