LastPass Executives Assure Users of No Breached Accounts Following Recent Security Warnings: Insights From ZDNet
LastPass Executives Assure Users of No Breached Accounts Following Recent Security Warnings: Insights From ZDNet
Two LastPass vice presidents have released statements about the situation surrounding LastPass security issues that came to light this week.
ZDNET Recommends
Two days ago, hundreds of LastPass users took to Twitter , Reddit , and other sites to complain that they were getting alerts about their master password being used by someone who was not them. Some reported that even after changing their master password, someone tried to access their account again.
On Tuesday, the company released a brief statement noting that its security team observed and received reports of potential credential stuffing attempts. Credential stuffing involves attackers stealing credentials (usernames, passwords, etc.) to access users’ accounts.
“While we have observed a small uptick in this activity, we are utilizing multiple technical, organizational, and operational methods designed to protect against credential stuffing attempts. Importantly, we also want to reassure you that there is no indication, at this time, that LastPass or LogMeIn were breached or compromised,” wrote Gabor Angyal, VP of engineering at LastPass.
On Wednesday, the company expanded Angyal’s original statement, explaining that it recently investigated reports of an uptick of users receiving blocked access emails, normally sent to users who log in from different devices and locations. The company’s initial findings led it to believe that these alerts were triggered in response to attempted “credential stuffing” activity.
Angyal’s Wednesday statement said, “Out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert emails to be triggered from our systems. Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved.”
Angyal noted that at “no time does LastPass store, have knowledge of, or have access to a user’s Master Password(s).”
LastPass VP of product management Dan DeMichele sent out a notice to multiple outlets with the same information that was shared in the updated statement from Angyal.
Some online were not assuaged by the statement, noting the qualifiers used that prompted more questions.
Craig Lurey, CTO of password manager Keeper, said that what is so concerning about credential stuffing attacks is that attackers prey on a highly-prevalent problem among consumers right now: breach fatigue.
“With a slew of breaches and alerts throughout 2021, consumers have become apathetic to compromised accounts. In fact, a recent survey from the Identity Theft Resource Center revealed that 16% of breach victims take absolutely no action to re-secure their accounts,” Lurey said.
“In their minds, the ‘data is already out there,’ the hacked organization will take care of it, they don’t know what to do, or, ironically, they dismiss the notification as a scam. This apathy is what cybercriminals thrive on and is why we can expect to see a rise in credential stuffing alerts.”
Due to the concerns over master passwords, Perimeter 81 CEO Amit Bareket suggested using biometric authentication or MFA for master passwords with managers like LastPass.
Parent company LogMeIn announced just two weeks ago that it is spinning off LastPass into its own company.
Security
The best VPN services of 2024: Expert tested
How to turn on Private DNS Mode on Android (and why you should)
The best antivirus software and apps you can buy
The best VPN routers you can buy
How to find and remove spyware from your phone
- The best VPN services of 2024: Expert tested
- How to turn on Private DNS Mode on Android (and why you should)
- The best antivirus software and apps you can buy
- The best VPN routers you can buy
- How to find and remove spyware from your phone
Also read:
- [New] 2024 Approved 5 Ways to Record Audio on Windows 11
- [New] Unveiling Pristine Sources for High-Quality Tamil Ringtone Files
- [Updated] 2024 Approved Launch Your Live Stream A Comprehensive Beginner's Manual
- [Updated] In 2024, Does Image Smoothing Streamline the Creative Process?
- [Updated] In 2024, Unlocking Instagram's Video Sharing Limits
- 7 Leading Budget 4K Mirrorless Cameras (<$1K)
- Beyond Expectations: An In-Depth Review of Motorola's Stellar Mid-Range Device, The One Hyper
- Exploring Rust with Linux Creator Linus Torvalds: Insights on His Work Habits and Life with MacBook Air | Exclusive Coverage From ZDNET
- Get the New Killer 1535 Drivers for Your Wi-Fi Device Instantly!
- Grounding Is Especially Critical for Transmitting Antennas Due to the High Power Involved, Which Increases the Risk of Lightning Strikes and Electrical Hazards.
- Leading the Digital Shift: How Enterprise Architects Are Steering Change | ZDNet
- Navigating Today's Challenges: Overcoming Uncertainty in AI Output & Doubts on Precision - Insights From ZDNet
- Screen Recording with Internal Devices on Huawei’s Mate (Mate 10/20) and P (P20, P10). For 2024
- The Hottest Developer Positions & Rising Programming Languages: Predictions for the Tech Industry | Insights From ZDNet
- The Polarization Shown by the Radiation Pattern Should Match that of the Receiving Antenna to Maximize Signal Reception and Minimize Losses.
- Understanding and Solving Windows Update Error Code 80070103: Expert Advice & Tips
- Unlocking Mastery in Quick Writer with These Latest Copilot Updates for Microsoft 365 - Expert Insights From ZDNet
- Unlocking the Potential of AI in Business with ServiceNow: Understanding the Four Critical Guiding Principles - Insights From ZDNet
- Urgent Challenge: Microsoft Must Fix Windows 10 Issues Within Just One Year - Insights From ZDNet
- Title: LastPass Executives Assure Users of No Breached Accounts Following Recent Security Warnings: Insights From ZDNet
- Author: Matthew
- Created at : 2024-10-17 07:20:28
- Updated at : 2024-10-17 18:32:30
- Link: https://app-tips.techidaily.com/lastpass-executives-assure-users-of-no-breached-accounts-following-recent-security-warnings-insights-from-zdnet/
- License: This work is licensed under CC BY-NC-SA 4.0.