Hackers trying to Access your Lastpass Account — What to Do

Hackers trying to Access your Lastpass Account — What to Do

Although the free version is no longer offered, LastPass is one of the best password managers available and is a likely target for hackers. Many users have reported receiving warnings that their LastPass master passwords have been compromised, but like many other cases of this kind, it appears to be the result of password reuse or passwords being published elsewhere.

First published in Hacker News, many of these intrusion attempts appear to have originated from Brazil and other parts of the world. Because of the unusual origin of these requests, LastPass blocked these attempts and sent emails to legitimate customers warning them that their passwords may have been compromised.

In a statement to Android Police, LastPass owner LogMeIn said:

"LastPass has investigated recent reports of login attempts being blocked and has determined that malicious or bad actors may be using other unrelated We have determined that they are related to a fairly common bot-related activity where a malicious or malicious actor attempts to access a user account (in this case LastPass) using an email address and password obtained from a third-party breach related to the service. It is important to note that there is no indication that the accounts were successfully accessed or that the LastPass service was compromised. We regularly monitor such activity and will continue to take steps to ensure that LastPass, its users, and their data are protected and secure.

Even if hackers were able to break into LastPass itself, it is highly unlikely that they would have access to a user's master password. This is because LastPass servers do not store master passwords. Instead, it stores a "hash" of the Master Password. This means that the master password entered is run through an algorithm on the device and the results of the algorithm are compared to what LastPass has stored in the past.

If you receive a warning from LastPass that someone has tried to log into your account, or if you want to make it more difficult for hackers to break into your account, there are several steps you should take immediately.

While it is good that no accounts were compromised, it is an important reminder of why having unique passwords is so important. Using the same password over and over again can be a major vulnerability. Now would be a good time to make sure that all passwords are unique and secure; web browsers such as Google Chrome, Firefox, and Microsoft Edge have the ability to warn you if a password is broken or suggest a new password.

Categories