
LastPass is a popular cloud-based password manager that allows users to quickly generate complex passwords for sites and manage them with a single, master password.

Alarmingly, a growing number of users on the Hacker News forum are claiming that their master passwords for LastPass have been compromised. Many are receiving emails from the company about unauthorized login attempts, including users who have kept their master passwords secure via alternative solutions such as KeePass.

“LastPass blocked a login attempt from Brazil (it wasn’t me),” reads a thread created by gregsadetsky that has garnered over 400 comments thus far. “According to an email I received from LastPass, this login was using the LastPass account’s master password. The email doesn’t look like it’s a phishing attempt.”

“What troubles me is that the master password was stored in a local encrypted KeePassX file,” he added.

The thread has prompted LastPass to send out a statement regarding the allegations. According to the company, none of its accounts were accessed or compromised.

“LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services. It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.”

LastPass is available in a variety of plans, including a free option that allows users to manage an unlimited number of passwords. Premium ($3) and Families ($4) plans are also available for home users with additional features, such as encrypted file storage and dark web monitoring.

Source: Hacker News (via How-To Geek)

Join the Conversation


  1. I don’t use any password managers at all. I rely on my brain, and a text document that has clues for all my passwords for all my accounts. The clues are so cryptic that sometimes they don’t even help me! So I’m not concerned about others figuring that sh1t out.

    Zarathustra wrote: “This is why you never trust anything cloud.”

    Yupz. The only thing I ever use cloud sh1t for is save data for games (IF that service is provided for free), and that’s in addition to the local manual backups I make (unless I’m on an unmodded system that doesn’t let me back up my saves – with those I’m just boned).
