LastPass: Login Attempted Notifications Were Due to Warning System Error

LastPass says users were incorrectly notified of a login attempt with their master password due to a bug in the alert system. There is no indication that passwords were stolen, or that bots tried to login.

That writes LastPass in an update, including on Twitter, after several users reported in recent days that a login attempt had been made with their master password from a location unknown to them. Users were concerned that their master password had been leaked or otherwise stolen. LastPass now says that after further investigation, there is no indication that this happened and that the users who received the notification were mistakenly received due to an error in the warning system. According to the company, no attempt was made to log in with their master password from another location.

Previously, LastPass said it could be bots trying to log in with passwords stolen from hacks at other services. LastPass stated at the time that there was no indication that accounts had actually been compromised or that there was a leak at LastPass or its former parent company LogMeIn. In addition, there is no reason whatsoever that user data has been stolen via malware, rogue browser extensions or phishing campaigns.

In a blog post, updated by LastPass on Tuesday, LastPass emphasized that the company has no knowledge of users’ master passwords and does not store them anywhere. According to LastPass, the erroneous warning was sent to a small group of users. The error that caused this has now been resolved. Despite everything, the company recommends that users look closely at their master password and ensure it is a strong and unique password, and enable two-step verification. The company also says not to reuse passwords.