LastPass members have reported multiple attempted logins using correct master passwords from various locations, but the company says that the recent attacks are a result of shared passwords gleaned from breaches of other services.
The majority of reports appear to come from users with outdated LastPass accounts, meaning they haven’t used the service in some time and haven’t changed the password. This indicates the master password list being used may have come from an earlier hack.
A few users claim that changing their password hasn’t helped, with one user claiming that they saw new login attempts from various locations with each password change. It is unclear how severe the password leak may be, or if LastPass is currently under attack.
LastPass investigated recent reports of blocked login attempts and we believe the activity is related to attempted ‘credential stuffing’ activity, in which a malicious or bad actor attempts to access user accounts using email addresses and passwords obtained from third-party breaches related to other unaffiliated services, we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.
LastPass Statement
The recommendation is that users change their passwords, enable two-factor authentication, and keep an eye out for suspicious login attempts. There is also the option of removing passwords from the service and migrating to 1Password or Apple’s iCloud Keychain.