LastPass VPs confirm 'no indication' of compromised accounts after security alerts

Two LastPass vice presidents have released statements about the situation surrounding LastPass security issues that came to light this week. 

Two days ago, hundreds of LastPass users took to Twitter, Redditand other sites to complain that they were getting alerts about their master password being used by someone who was not them. Some reported that even after changing their master password, someone tried to access their account again. 

On Tuesday, the company released a brief statement noting that its security team observed and received reports of potential credential stuffing attempts. Credential stuffing involves attackers stealing credentials (usernames, passwords, etc.) to access users’ accounts.

“While we have observed a small uptick in this activity, we are utilizing multiple technical, organizational, and operational methods designed to protect against credential stuffing attempts. Importantly, we also want to reassure you that there is no indication, at this time, that LastPass or LogMeIn were breached or compromised,” wrote Gabor Angyal, VP of engineering at LastPass. 

On Wednesday, the company expanded Angyal’s original statement, explaining that it recently investigated reports of an uptick of users receiving blocked access emails, normally sent to users who log in from different devices and locations. The company’s initial findings led it to believe

Read More: