Error prompted LastPass to send false breach alerts to users

One of the users who received an email alert from LastPass stated that it warned them of an unauthorized login attempt using their account’s master password.

LastPass password manager users were shocked when they received alerts about their accounts getting compromised during a hack attack. The company released a statement on December 28th stating that credential stuffing attacks could impact some users. However, later, it clarified that this was a false alert.

AppleInsider first identified the reports of LastPass account compromise. The alerts informed users that some unauthorized parties tried to access their accounts from different parts of the world, including Brazil, and that LastPass thwarted these attempts.

SEE: Best Password Managers For 2020

It must be noted that most of the accounts that received the alert were outdated, and login attempts were linked to credential stuffing in which threat actors tried to access user accounts using details obtained from different services involved in an earlier third-party breach.

Company’s Statement

In a blog post, Gabor Angyal, Vice President Of Engineering at LastPass stated there was no indication that any of its accounts were compromised.

“There is no indication that any LastPass accounts were compromised by an unauthorized third-party as

Read More: https://www.hackread.com/error-prompts-lastpass-false-data-breach-alerts/