LastPass: master passwords can be compromised
LastPass is the victim of a credential error attack. It’s best to enable two-factor authentication if you haven’t already.
Password managers are very convenient, they allow you to remember passwords for sites and services that you use regularly. These tools can also often be used to generate complex passwords, making them harder for attackers to guess. And these passwords, no matter how complex, are stored in the software, which sometimes even enters them for you right on the login forms. Suffice it to say that the security of such software is very important.
LastPass login failure attack victim
All of this information is very personal. For your protection, they are protected by a master password, like a key to a safe. Thus, if third parties do not have this key, they will not be able to access your passwords. Unfortunately for LastPass Manager users, the Hacker News article reports receiving several notifications about login attempts using master passwords.
Some users explain that even changing the master password is not enough, they continued to receive notifications about connection attempts, which, as you can easily understand, is very strange. That said, in a statement sent to AppleInsider, LastPass spokeswoman Megan Larson explains that she was not the victim of any hack.
It’s better to turn on two-factor authentication if you haven’t already.
According to Megan Larson’s statement: “LastPass has looked into recent reports of blocked login attempts and we are convinced that this activity is related to ‘credential blocking’ activity where an attacker attempts to gain access to user accounts (in this case LastPass) using email addresses and passwords obtained through vulnerabilities in third-party platforms associated with other unaffiliated services.”
That being said, if you’re using LastPass, it’s best to enable two-factor authentication now so that even if your master password falls into the wrong hands, a hacker won’t be able to get all of your account information. Unless, of course, she also has access to your smartphone or authentication device.
Leave a Reply