The image is by Alex Castro.
Users reported that they were notified of unauthorized login attempts, but LastPass says there is no evidence of a data breach. The password manager insists that it was never compromised and that users accounts have not been accessed by bad actors.
A lot of people's LastPass accounts are malfunctioning. I posted this to Hacker News and it gathered 192 comments, including 7 separate reports of master password and login attempts from the same Brazil IP range. I'm UHH.
>
December 27, 2021.
A post on the Hacker News forum by a LastPass user caused reports to start popping up. He claims that he was warned of a login attempt from Brazil. Other users noted that they experienced the same thing. The original poster points out that some people were also warned of an attempt from Brazil, while other attempts were traced back to different countries. Concerns that a breach took place were raised by this.
The senior director of LogMeIn Global PR told The Verge that the alerts users received were related to fairly common bot-related activity, involving malicious attempts to log in to LastPass accounts using email addresses and passwords that bad actors have previously used.
There is no indication that accounts were successfully accessed or that the LastPass service was compromised. We regularly monitor for this type of activity and will take steps to ensure that LastPass, its users, and their data remain protected and secure.
If you have a LastPass account, it is still a good idea to fortify it with multifactor authentication, which uses outside sources to verify your identity before you log in to your account.