"It Appears That LastPass Infrastructure Has Been Compromised"
-
Wladimir Palant: How did LastPass master passwords get compromised? [Ed: LastPass (clown computing/outsourcing) is for fools and willfully negligent hipsters; this is an epic disaster waiting to happen. The media is mostly relaying what the company says about its own systems without bothering to investigate the actual facts]]
The mail is legitimate and has been sent out by the LastPass service. The location however was typically very far away from the user’s actual location, e.g. in a country like Brazil or India. Yet this isn’t merely an attempt to guess the password, as LastPass will only send a mail like this one if the correct master password is provided in the login attempt.
One affected user created a thread on Hacker News and at least a dozen others chimed in with similar experiences. This indicates that a large-scale attack is underway, with the total number of affected users being quite significant.
As online password managers go, a user’s master password is the most critical piece of information. So the important question is: how do the attackers know the master passwords? There are some explanation being discussed: credential stuffing, phishing, malware, LastPass compromise. As I know a thing or two about LastPass, I’ll write down how likely these are and why.
TL;DR: It appears that LastPass infrastructure has been compromised, all other explanations being rather unlikely. And, surprisingly, it isn’t given that the attackers actually know these master passwords.
-
LastPass admits attack but assures master passwords are safe - Macworld
-
LastPass Claims Your Passwords Are Safe Despite Those Security Warnings It Sent | HotHardware
LastPass is telling its users that there is no evidence to suggest their passwords have been compromised, after previously sending out emails to some users stating their master passwords have been compromised. So what exactly is going on? According to LastPass, the email warnings were "likely triggered in error."
-
LastPass Users' Master Passwords May Have Been Leaked | Beebom
LastPass is arguably one of the popular password managers, coming with various security features for users to protect their online credentials. However, it could have been exposed to a new security breach as many users have recently reported that their master passwords might have been compromised. Here are the details.
-
LastPass users warned their master passwords are compromised
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.
The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide.
"Someone just used your master password to try to log in to your account from a device or location we didn't recognize," the login alerts warn.
-
LastPass: some users report compromised accounts - gHacks Tech News
Some users of the LastPass password manager revealed this week that they have received emails from LastPass stating that logins to their accounts using the account's master password were blocked. The first of these reports was published on Hacker News.
-
LastPass users are seeing compromised Master Passwords - 9to5Google
Password managers are a great way to improve your online security, but it would be a nightmare scenario if your password manager’s account were hacked. This week, some LastPass users report that their Master Passwords appear to have been compromised, but LastPass says things are technically working as they’re supposed to.
- Login or register to post comments
- Printer-friendly version
- 2144 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Is LastPass Password Manager Hacked?
Is LastPass Password Manager Hacked? Users Reveal Possible Compromise, 3 Ways to Protect Your Password