One of the most popular and highly recommended password managers may be a little less secure after multiple users have reported phantom login attempts from foreign countries.
LastPass is investigating reports of a possible attack on its servers and assuring users that it “will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.” However, the company believes “the activity is related to attempted ‘credential stuffing’ activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services,” according to a statement sent to AppleInsider.
The company claims there is no evidence to suggest that any accounts were compromised.
Still, it’s a troubling turn of events for one of the premier password manager on the net. LastPass boasts millions of users of its service, which stores passwords in an encrypted online vault accessible on iPhones, iPads, Apple Watches, and Macs. Users access their vault using a master password, which is what users fear may have been compromised.
In 2019, LastPass resolved a browser extension bug that could have resulted in site credentials filled by LastPass to be exposed.
If you have a LastPass account, it’s probably a good idea to change your master password, though some users report suspicious activity even after changing their password. It’s also a good idea to turn on two-factor authentication, which adds a second login method (SMS, OTP, or biometric) in addition to your password for an extra layer of security.
from Macworld.com https://ift.tt/3pCl1nE
via IFTTT