Please see Security Advisories for the week ending December 31, 2021
- LastPass users are skeptical after company insists it wasn’t hacked
_______________________________
LastPass users are skeptical after company insists it wasn’t hacked
Situation
Online forums are abuzz with reports that LastPass sent emails to users describing unauthorized login attempts with their master passwords, after one user posted about the issue on Hacker News.
Problem
This is considered particularly concerning because the password was used only on LastPass and stored only in an encrypted password manager called KeePassX.
Implication
It’s possible this could be a “false positive” situation. LastPass could have a problem with its emails, not with its security. Security enthusiast, Greg Sadetsky says he contacted LastPass support and received confirmation that the email was not a phishing scam: it legitimately came from the company. But perhaps it came in error due to a low-level bug. There’s also the possibility that LastPass has a security problem that hasn’t been revealed.
Need
Regardless of the issue’s cause, it’s a good time to change your LastPass master password. If you want to avoid compromised accounts — social media, online banking, email, and more — you might want to grab yourself a password manager or two.
For a brief overview:
https://www.inputmag.com/culture/lastpass-denies-hack-alerts-users-of-security-breach
For a more technical overview:
https://www.pewresearch.org/internet/2017/01/26/2-password-management-and-mobile-security/