While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts.
“Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” reads the warnings. “LastPass blocked this attempt, but you should take a closer look. Was this you?”
The email warning sent by the company informs the users that the login attempts have been blocked due to the unusual origin locations.
“LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services.” Nikolett Bacso-Albaum Senior Director, Global PR/AR told BleepingComputer. “It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.”
Many users that that received the email warnings stated that their master passwords was only used to access the LastPass service and were not shared with other web services. This circumstance, if confirmed, suggests that the Password manager service was compromised, but at this time there is no evidence of compromise.
The situation could be worse if we consider that some customers after having reported having changed their master passwords state that they received another login warning.
Some users also reported that they were not able to delete and disable their accounts.
LastPass users are recommended to enable multifactor authentication to protect their accounts.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, password)
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities…
Kosovar citizen extradited to the US for running the cybercrime marketplace BlackDB.cc appeared in federal…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows flaws to its Known Exploited…
Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…
Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including…
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice…
This website uses cookies.
