LastPass: User master passwords have been compromised
LastPass ended the year badly with master passwords for compromised users. This is the very principle of password managers: they are protected by a master password which then gives access to each identifier.
Hackers attack LastPass and passwords
“Someone just used your master password to try to log into your account from a device or location we didn’t recognize” is the alert many have received. users. The password manager continues by indicating that the connection has been blocked.
In view of the situation and the many testimonies, LogMeIn (the owner of LastPass) wanted to react. The groupsaidthat the perpetrator of the attack on user accounts is just a bot. It is trying to get online relying on data leaks from other sites. Some people use the same password on all sites, so the bot tries to use it to check if it works with LastPass.
However, the users who received the alert assure that their master password is unique. Worse, people have received a new login attempt alert after changing their master password.
Is this therefore a hack? LastPass assures us that this is not the case. Also, the group says that no saved password has been recovered. Only master passwords have been compromised.