One of the most popular and highly recommended password managers may be a little less secure after multiple users have reported phantom login attempts from foreign countries.
LastPass investigated reports of a possible attack on its servers and assuring users that it “will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.” In its initial findings, the company believes “the activity is related to attempted ‘credential stuffing’ activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services,” according to a blog post.
The company claims there is no evidence to suggest that any accounts were compromised. It also said that some of the security alerts “were likely triggered in error” and has subsequently adjusted its security alert systems. LasPass says the issue has been resolved.
Still, it’s a troubling turn of events for one of the premier password manager on the net. LastPass boasts millions of users of its service, which stores passwords in an encrypted online vault accessible on iPhones, iPads, Apple Watches, and Macs. Users access their vault using a master password, which is what users feared may have been compromised.
In 2019, LastPass resolved a browser extension bug that could have resulted in site credentials filled by LastPass to be exposed.
If you have a LastPass account, it’s probably a good idea to change your master password to something that’s unique and strong. It’s also a good idea to turn on two-factor authentication, which adds a second login method (SMS, OTP, or biometric) in addition to your password for an extra layer of security.
Michael Simon has been covering Apple since the iPod was the iWalk. His obsession with technology goes back to his first PC—the IBM Thinkpad with the lift-up keyboard for swapping out the drive. He's still waiting for that to come back in style tbh.