LastPass says your passwords are totally safe and no one’s account was compromised
The alerts sent out by the company earlier in the week were apparently triggered in error.
LastPass really wants you to know that the company didn’t leak any of your passwords. Earlier this week, users reported that the company notified them that their master passwords might have been compromised. But now, the company says an “error” may have caused the alerts to be sent out.
The alerts stated that unauthorized third parties were trying to access their accounts from various parts of the globe, including Brazil. Thankfully, the system blocked these login attempts due to the suspicious geographical origin.
The company said these login attempts may have been the cause of simple credential stuffing. That’s when an attacker uses one of the many publicly available databases from other site breaches and sets up a bot to check all the possible combinations.
Dan DeMichele, vice president of product management at LastPass, said in a tweet that the warning message was likely sent by mistake.
“Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems, and this issue has since been resolved,” he said.
To put LastPass users at ease, the company says it will continue to keep an eye on this. Still, it assures users that the company doesn’t indicate that accounts were successfully accessed or compromised by an unauthorized party.
If this is the case, how does a company send these alerts out in error? Seems like a colossal fuck up if you ask me, especially when it comes from a company that focuses on its customers’ security.
If all of this leaves a bad taste in your mouth, that’s understandable. I mean, this is a pretty big deal. Thankfully, there are other password managers out there, and if you’re looking to switch, you can always delete your LastPass account and make the jump to another one.
- LastPass’ Android app is chock-full of trackers, says a security researcher
- A new LastPass update is making the free version kind of lame
- LastPass was so secure this weekend that some users couldn’t access their own accounts
- LastPass, the highly popular password manager is now free for mobile devices