Recent reports suggest that LastPass users have started reporting login attempts from anonymous locations utilizing correct master passwords at the beginning of this week. The password manager organization asserts these possibly came from restated passwords exposed from independent hacks. However, a couple of users argue and have recommended different theories.
Moreover, users of LastPass on the Hacker News forum are reporting login attempts on those accounts that are old and inactive. Nevertheless, it does not seem to be separated into extinct credentials. However, the rest of the users report that they got email notifications of unknown login attempts on newer active accounts.
The password manager company, LastPass, revealed a statement today stating it doesn’t believe the service itself was threatened. According to the company, the credentials came from past unrelated service hacks. Some users on Hacker News noted that they were getting login notifications after shortly changing to new, unique passwords.
However, according to one theory on the forum, someone utilizes a LastPass browser extension vulnerability via an extraordinarily well-made phishing website. Moreover, the website has links with an IP address connected with more than one of the login attempts, which seems to be from Brazil. A couple of other attempts came from India, and a minimum of one other came from Thailand.
It is noteworthy to mention that none of the login attempts have pierced LastPass’s two-factor authentication, which you must possibly be utilizing for any service that provides it. Apart from this, interested users must additionally think about changing their master passwords.