One of the users who received an email alert from LastPass stated that it warned them of an unauthorized login attempt using their account’s master password.
LastPass password manager users were shocked when they received alerts about their accounts getting compromised during a hack attack. The company released a statement on December 28th stating that credential stuffing attacks could impact some users. However, later, it clarified that this was a false alert.
AppleInsider first identified the reports of LastPass account compromise. The alerts informed users that some unauthorized parties tried to access their accounts from different parts of the world, including Brazil, and that LastPass thwarted these attempts.
It must be noted that most of the accounts that received the alert were outdated, and login attempts were linked to credential stuffing in which threat actors tried to access user accounts using details obtained from different services involved in an earlier third-party breach.
In a blog post, Gabor Angyal, Vice President Of Engineering at LastPass stated there was no indication that any of its accounts were compromised.
“There is no indication that any LastPass accounts were compromised by an unauthorized third-party as