Probably one of the worst scenarios for users is to have their password manager account compromised since they rely on that service to keep their login information safe and secure. So when some users of popular service LastPass started receiving emails that someone is attempting to access their account using their Master Password, it is of course a source of panic. LastPass has now officially made a statement saying that there was no indication of any third-party breach or leak in their system and that they are taking steps to ensure their users’ security.
If you’re not familiar with LastPass or password managers yet, they use a “Master Password” to unlock the various passwords that are saved on the account. While the encrypted vault of passwords is stored on the servers of the service, the Master Password is not. So when some users started receiving an email that someone was using their Master Password to access their account but that the service has blocked this attempt due to the region where it originated from.
This led to some suspicions that there was a leak from LastPass of their users’ Master Passwords or that a third party may have accessed this. But in a statement from the company to How-To-Geek, they said that while they did investigate the incidents, there was no indication that these phishing attempts were successful. They also assured users that their service was not accessed or compromised by an unauthorized party. The fact that users received a legitimate email that the attempts were blocked means they’re doing what they’re supposed to do which is to ensure that the data is protected and secure.
LastPass is speculating that users may have used their Master Password on other services and that may have been the ones that were breached. They may have been victims of a keylogger type of attack or their email address and password were accessed in another service that experienced a leak or attack. However, some users said they were using unique passwords on LastPass so that seems improbable. Some who already changed their Master Password say that their accounts were accessed and blocked again.
Whether or not you received an email regarding this, it would be best if you changed your Master Password on your LastPass account. You should also regularly change this up and also make sure you enable two-factor authentication to protect your account and your passwords.