LastPass says an error, not hackers, triggered some security alerts

LASTPASS, services that secure your personal account password behind a single main password, is the subject of new security issues this week because users report unusual activities. The company initially illustrated the warning of the possibility due to the activity of credentials but has since clarified that system errors might have caused several warnings.

Problem

LASTPASS users rise to this week’s social media site to report that they have received emails that warn them on blocked efforts to enter their accounts. The number of reports that is rolling from the user asks questions about whether there are greater security violations in lastpass, even though the company quickly denies (via Twitter).

Fixing speculation is a problem that seems related to where some users, including myself, receive a warning warning that someone has tried to use the Utama account password, which is basically a password for the LastPass Vault. If the last user regulates their main password as something they previously used on a different platform that leaked it to the broader Internet, there is a possibility that the login effort can be a result of charging credentials.

However, in my case, the LASTPASS master password on my account is automatically generated using the browser password generator. The main password is a range of random characters that cannot be guessed naturally, and, which is very important, I have never used a password on the account or other platform.

For this reason, it is unlikely that my first password was previously leaked by different services, then swept by a hacker who tried to enter the account with the credentials – terms that refer to repeatedly trying to enter their accounts and variants with expectations that someone works.

Many claims appear on social media from users who say they also use the unique main password for their lastpass accounts that were previously not used on other platforms (1,2). Given this, we reach the lastpass to clarify about what might cause this user to receive security warnings.

One problem leads to another

According to the company, his investigation found evidence that errors might result in several users who received security warnings when there was no, in fact, there was an effort to access their account. According to LastPass, he continued to investigate this problem after not finding evidence of security violations, specifically looking into the causes of automatic security warnings received by several users.

In a statement about this problem, LASTPASS VP Product Management and Demichele explained:

Our investigation has found that some of these security warnings, which are sent to limited subset of LASTPASS users, possibly triggered by errors. As a result, we have adjusted our security warning system and this problem since it was resolved.

This warning was triggered because efforts lasted to retain their customers from poor actors and credentials. It is also important to repeat that the LASTPASS zero-knowledge security model means that at the time there is no time of lastpass, it has knowledge, or has access to the user’s master’s password.

We will continue to monitor regularly for unusual or dangerous activities and will, as needed, continue to take steps designed to ensure that lastpasses, users and their data remain protected and safe.