Multiple users of the password manager LastPass report that third parties have attempted to log into their LastPass accounts with the master password. They fear that their master password has been leaked. According to LastPass, these are bots trying to log in.
The reports come from Hacker News, where multiple users describe login attempts on their accounts with the master password. Users received an email from LastPass stating that an unauthorized login attempt was made with the master password. The login attempt was blocked because the person trying to log in was in a different country.
The users fear that their password has been leaked because the password they use for LastPass is not used for anything else. At least ten users report via Hacker News, Reddit and Twitter that they have received an email saying that someone used their master password to log in.
How-To Geek has since received a statement from a spokesperson at LastPass. According to LastPass, these are “common bot activities” that attempt to access accounts using data leaked through a hack at another service. According to the company, they have “no indication that accounts were actually compromised or that anyone gained access to LastPass.”
Update, 20.15: LastPass has explained in a blog post what the company says is going on and what users can do to protect their accounts from unauthorized login attempts. LastPass writes that they do indeed see a “small increase in activity”, meaning the login attempts by third parties. LastPass reiterates that there is no evidence of a leak at LastPass or its former parent company LogMeIn.
LastPass writes that several features are built into the password manager to make these types of login attempts fail, including flagging login attempts from unusual locations. In addition, users can make their own account more secure by using a strong, unique password for the account. It is also advised to enable two-step verification.