Earlier this week the site was pirate news Reports indicate that many users have logged in unauthorized login attempts. Login attempts from other countries are often found here, but at no time has there been access to sensitive data, as accounts are still protected by the master password.
Many users are still worried and the company has now confirmed that no data has been compromised and that it is still safe and secure.
As mentioned earlier, LastPass is aware of and tracks recent reports of users receiving emails notifying them of blocked login attempts. We’ve quickly investigated this and currently have no evidence that LastPass accounts have been hacked by an unauthorized third party as a result of this “credential stuffing”. We also found no evidence that users’ LastPass credentials were intercepted by malware, fraudulent browser extensions, or phishing campaigns.
However, as a precaution, we have continued to investigate why automatic security alerts are triggered on our systems.
Our research shows that some of these security alerts, sent to a limited group of LastPass users, may have been triggered in error. As a result, we have modified our security alerts and this issue is now resolved. These alerts are triggered by LastPass’s ongoing efforts to protect its customers from malicious actors and attempts to fill in credentials. It is also important to reiterate that LastPass’s zero-knowledge security model means that LastPass does not store, know, or have access to the user’s master password.
We will continue to monitor regularly for any unusual or malicious activity and, if necessary, will take additional measures to ensure that LastPass, its users and their data remain protected and secure.
(via the edge)
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”