Hello folks,
I’ve been seeing tweets of a potential hacking attempt over at lastpass. Lastpass is just like any companym, and I decided to go over to see if they had any news on what was going on.
The good news is that no user data as far as they can tell was ever accessed, but credential stuffing was definitely the cause on some accounts.
The article is titled Unusual Attempted Login Activity: How LastPass Protects You which you should read.
The article is detailed on what they found, the fact they monitor for such things, and advise users not to use their master password for anything else. They believe that the attempts were as a result of prior breaches elsewhere, where actors are trying to try email address and password pairs to take over lastpass accounts.
The article also talks about the password recovery process in case users need to utalize it and the fact you still need to use a browser you last logged in successfully to regain access to your account.
If you use Lastpass like I do, than you should read this one. I found this article very valuable. Thanks for reading!