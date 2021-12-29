LastPass, the popular password manager, finds itself in a mess after it sent notices of theft of master credentials to hundreds of users who use the platform. The company has declared to The Verge that their service is not compromised. The alerts, in principle, have been sent by mistake. Customers, however, say that the warnings go beyond a simple email.

Reports from LastPass users began to appear on the portal Hacker news. Specifically, several clients who use the platform to store their passwords ensure have received an email alerting you to suspicious logins. “Someone just used your master password to try to log into your account from a device or location that we have not recognized,” the message read. Following concern, the company quickly stated that its database they have not been compromised. Making it clear, therefore, that the master passwords were not exposed.

One of the first causes considered by Nikolett Bacso-Albaum, senior director of LogMeIn Global PR, is that the massive sending of messages could have been caused by “quite common activities related to bots”. These, in particular, use exposed email addresses and passwords in the past – even by third-party platforms – to try to access accounts that may still be active. However, and according to more defined statements by LastPass, the alerts could have been made by a simple error.

“Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered by mistake. As a result, we have adjusted our security alert systems and this issue has been resolved. since then”. Secure LastPass in a declaration to The Verge.

Doubts and Uncertainty Among LastPass Customers

Users, however, warn that suspicious login prompts go beyond a simple email message. “The email was not really phishing. The same information about the login attempt appears in my LastPass control panel. I also spoke to LastPass support on the phone, and they confirmed they saw the same information,” says one customer. . Others also claim that they only use the password in LastPass. Therefore, they deny that the “bots” tried to gain access through third-party leaks.

While trying to clarify what happened, there is no doubt that the most advisable measure is change LastPass master passwordeven if the user has not received the warnings. Two-step authentication is also one more measure to prevent credential theft.