LastPass accidentally scared users witless with false breach alerts

By Nick Heyman On Dec 29, 2021

Password manager firm LastPass has confirmed that a number of recent unauthorized login alerts received by customers were sent out in error.

After users took to online forums to notify one another that someone from Brazil (as well as other places around the world) had been trying to access their LastPass accounts, the company responded, explaining that no passwords have been compromised.

As per an article from The Verge, when reports first started popping up, LastPass responded by saying the issue was probably caused by automated bots trying out passwords stolen elsewhere on the web. However, after further investigation into the matter, the company realized that its own systems were to blame, at least in part.

“Out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems,” explained Dan DeMichele, VP Product Management at LastPass.

“Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved. These alerts were triggered due to LastPass’s ongoing efforts to defend its customers from bad actors and credential stuffing attempts.”

Storing passwords securely

LastPass is a popular password manager that generates, stores and automatically changes passwords in regular intervals (among other things). It’s one of many freemium password managers available.

Passwords are generally considered the weakest link in the cybersecurity chain. As a result, security experts recommend users create strong and unique passwords, store them securely, and change them frequently.

A password manager is recommended, as a tool that can simplify what’s often seen as a cumbersome and time-consuming process.

Multi-factor authentication, in the form of a smartphone apps or security key, is also recommended, especially for more sensitive services, such as banking.

Via The Verge

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.