- Apr 24, 2016
LastPass members have reported multiple attempted logins using correct master passwords from various locations, indicating a possible data breach at the company.
Multiple users in a Hacker News forum have shared that their master passwords for LastPass appear to be compromised. It is unknown how the passwords have leaked out, but a pattern has emerged amongst users.
The majority of reports appear to come from users with outdated LastPass accounts, meaning they haven't used the service in some time and haven't changed the password. This indicates the master password list being used may have come from an earlier hack.
Some users claim that changing their password hasn't helped, with one user claiming that they saw new login attempts from various locations with each password change. It is unclear how severe the password leak may be, or if LastPass is currently under attack.
There has been no official statement from LastPass as of yet. AppleInsider has reached out to the company for clarification.
AppleInsider recommends that users change their passwords, enable two-factor authentication, and keep an eye out for suspicious login attempts. There is also the option of removing passwords from the service and migrating to 1Password or Apple's iCloud Keychain.
LastPass is a free password manager available across desktop and mobile devices. There have been security concerns about the Android version of the app and its use of trackers.