LastPass users get notification of login attempt with master password – update
Multiple users of password manager LastPass report that third parties have attempted to log into their LastPass account with the master password. They are afraid that their master password has been leaked. According to Lastpass, these are bots trying to log in.
The reports come from Hacker News, where multiple users report login attempts to their account with the master password. Users received an email from LastPass stating that an unauthorized login attempt was made with the master password. The login attempt was blocked because the person trying to login is in a different country.
The notification LastPass users get.
The users fear that their password has been leaked because the password they use for LastPass is not used for anything else. Report at least ten users via Hacker News, Reddit and Twitter that they have received an email that someone has used their master password to log in.
How-to Geek has since received a statement from a spokesperson at LastPass. According to LastPass, these are “common bot activities” that attempt to access accounts containing data leaked through a hack at another service. According to the company, they have “no indication that accounts were actually compromised or that anyone gained access to LastPass.”
Update: 20.15: LastPass detailed in a blog what the company believes is going on and what users can do to protect their account from unauthorized login attempts. LastPass writes that they do indeed see a “small increase in activity”, meaning the login attempts by third parties. LastPass reiterates that there is no evidence of a leak at LastPass or its former parent company LogMeIn.
LastPass writes that there are several features built into the password manager to prevent these types of login attempts, including flagging login attempts from unusual locations. In addition, users can make their own account more secure by linking a strong, unique password to the account. It is also advised to enable two-step verification.