LastPass accidentally scared users witless with false breach alerts
LastPass says unauthorized access alerts were sent out in error
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Password managerfirmLastPasshas confirmed that a number of recent unauthorized login alerts received by customers were sent out in error.
After users took to online forums to notify one another that someone from Brazil (as well as other places around the world) had been trying to access their LastPass accounts, the company responded, explaining that no passwords have been compromised.
As per an article fromThe Verge, when reports first started popping up, LastPass responded by saying the issue was probably caused by automated bots trying out passwords stolen elsewhere on the web. However, after further investigation into the matter, the company realized that its own systems were to blame, at least in part.
“Out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems,” explained Dan DeMichele, VP Product Management at LastPass.
“Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved. These alerts were triggered due to LastPass’s ongoing efforts to defend its customers from bad actors and credential stuffing attempts.”
Storing passwords securely
LastPass is a popular password manager that generates, stores and automatically changes passwords in regular intervals (among other things). It’s one of many freemium password managers available.
Passwords are generally considered the weakest link in the cybersecurity chain. As a result, security experts recommend users create strong and unique passwords, store them securely, and change them frequently.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A password manager is recommended, as a tool that can simplify what’s often seen as a cumbersome and time-consuming process.
Multi-factor authentication, in the form of a smartphone apps orsecurity key, is also recommended, especially for more sensitive services, such as banking.
ViaThe Verge
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet
