Categories
Apple Apps Business Developer Hack Hacks iOS iPad iPadOS iPhone iPhone Mac macOS News privacy security Software

LastPass master password list may have been compromised

LastPass has apparently been breached.

A number of the password service’s members have reported issues when using multiple attempted logins with their correct master passwords from various locations. The company has stated that the recent attacks are a result of shared passwords gleaned from breaches of other services.

Per Hacker News, an unknown number of LassPass master passwords appear to have been compromised. While the exact number is unknown, a pattern has emerged therein the majority of reports appear to come from users with outdated LastPass accounts, meaning they haven’t used the service in some time and haven’t changed the password. This indicates the master password list being used may have come from an earlier hack.

Some users have also claimed that changing their password hasn’t helped resolve the issue. In the case of one user, they saw new login attempts from various locations with each password change. It is unclear how severe the password leak may be, or if LastPass is currently under attack.

LastPass spokesperson Meghan Larson offered the following comment:

“LastPass investigated recent reports of blocked login attempts and we believe the activity is related to attempted ‘credential stuffing’ activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services. It’s important to note that, at this time, we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.”

It’s been recommended that LastPass users change their passwords, enable two-factor authentication, and keep an eye out for suspicious login attempts. There is also the option of removing passwords from the service and migrating to 1Password or Apple’s iCloud Keychain.

Stay tuned for additional details as they become available.

Via AppleInsider and Hacker News