LastPass Users Notified of Their Master Passwords Stolen

LastPass Users Notified of Their Master Passwords Stolen

After getting email notifications that someone tried to enter their accounts from unknown locations, several LastPass users claim their master passwords have been hacked. According to email warnings, the login attempts were also denied because they were attempted from unknown locations around the world.

“Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” as stated in the login alerts warning. “LastPass blocked this attempt, but you should take a closer look. Was this you?”

Multiple social media sites and internet platforms, including Reddit, Twitter, and Hacker News (initial report from Greg Sadetsky), are reporting hacked LastPass master passwords.

Users who have received these warnings, on the other hand, have said that their passwords are unique to LastPass and are not used anywhere else. LastPass has been asked about these concerns, but a reply is still awaited. 

While LastPass provided no information about the threat actors behind these credential stuffing efforts, security researcher Bob Diachenko recently discovered thousands of LastPass credentials while reviewing Redline Stealer malware logs. LastPass clients who got similar login notifications claimed that their emails were not included in Diachenko’s list of login pairs obtained by RedLine Stealer.

It suggests that threat actors behind takeover attempts employed another method to gain their targets’ master passwords, at least in some of these reports. Some users have also reported changing their master passwords after receiving the login warning, only to get another notice after doing so.

Customers who attempted to disable and delete their LastPass accounts after seeing these warnings have reported [12] obtaining “Something went wrong: A” errors after pressing the “Delete” button. Users of LastPass should enable multifactor authentication to secure their accounts even if their master password has been hacked.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.