LastPass sent out notifications of failed login attempts en masse

If you use LastPass as a password manager, you have probably recently received emails alerting you to blocked login attempts.

This is usually a serious red flag, as it indicates that someone tried to guess the master password to access the key vault. However, LastPass has pointed out that this was due to a technical error.

LastPass sent security alerts by mistake

When the situation first came to light, it was initially attributed to bots. However, the background was not entirely clear, and the explanation did not fully convince those allegedly affected.

Responding to user reports of notifications about unauthorized login attempts, LastPass recently told AppleInsider that there is no evidence of a data breach. The password manager maintains that its security was never compromised and that no bad actor has accessed its users’ accounts.

After carrying out an internal investigation into this situation, LogMeIn, the parent company of LastPass, told The Verge through Dan DeMichele, LastPass VP of Product Management: “We are working quickly to investigate this activity and at this time we have no indication that any LastPass account has been compromised by an unauthorized third party as a result of this credential stuffing, nor have we found any indication that the user’s LastPass credentials have been collected by malware, fraudulent browser extensions or phishing campaigns.”

Without specifying how the problem was triggered, LastPass indicates that it is still working to identify its origin. However, it assumes that these notifications were presumably sent in error to a limited subset of users.

LastPass reiterates that it does not store a readable copy of the service’s master passwords, a practice it calls a “zero-knowledge security model.” For the same reason, it is assumed that this data was never really compromised.

Still, even accepting the official LastPass account that the password manager's security was not actually compromised, it is worth using alternative security methods for passwords.

Lenny Li

I have been playing with tech since middle school. Smartphones, laptops and gadgets are what my life is all about. Besides, I am also a big fan of Star Wars. May the force be with you!
