Hackers trying to access LastPass accounts — what to do

1. Home
2. News
3. Security

Hackers trying to access LastPass accounts — what to practise

(Epitome credit: LastPass)

Despite it no longer offering a free tier, LastPass remains one of the best password managers, which likewise makes it a likely target for hackers. A number of users reported that they received warnings that their LastPass principal passwords have been compromised, though as in many other cases of this ilk, it appears to be the result of them having re-used passwords, or having their passwords exposed elsewhere.

Showtime actualization in Hacker News, it seems that a number of these attempted breaches originated in Brazil and other parts of the world; due to the unusual origin of these requests, LastPass blocked these attempts then emailed the legitimate customers, alarm that their passwords may have been compromised.

In a statement to Android Police, LastPass possessor LogMeIn said:

"LastPass investigated recent reports of blocked login attempts and adamant the activity is related to fairly common bot-related activeness, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using electronic mail addresses and passwords obtained from third-political party breaches related to other unaffiliated services. It'southward important to note that nosotros do non have whatsoever indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activeness and volition continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure."

Fifty-fifty if hackers were able to breach LastPass itself, it'due south highly unlikely that they'd exist able to access users' chief passwords. That's considering LastPass'southward servers don't shop your master password. Instead, they shop a "hash" of the master password, which means the master password you type in is run through an algorithm on your device and the result of the algorithm is compared to what LastPass has previously stored.

What to do if your LastPass chief password has been compromised

If y'all received a warning from LastPass that someone attempted to log into your business relationship — or if you want to make it more hard for hackers to pause into your business relationship — there's a few steps you should accept right away.

• Change your LastPass primary countersign to one that you don't utilize elsewhere.
• LastPass users can minimize the risk of compromise by enabling two-factor authentication in their Business relationship Settings > Multifactor Options.
• Because many of these unauthorized login attempts seem to be coming from Brazil or South Africa, restricting logins to simply specific countries should cake some of the attempts. Go into Account Settings, click the "Show Advanced Settings" button on the bottom of the Settings window, curlicue downwards and select "Only let login from selected countries" and then check off the country where y'all live and those countries that you may frequently visit. Click "Update" when done.
• If you're worried about failed login attempts to your account, go into Avant-garde Options from the principal bill of fare's navigation bar, and then select "View Business relationship History." That will let you view all login attempts, successful or non, over a specific date range. You'll want to look for login attempts from unfamiliar IP addresses that don't match those that you lot normally use. The IP addresses y'all normally utilise will exist the vast bulk of the successful logins, and those IP addresses that don't match should stand out.

While it's skilful to know that no accounts were compromised, it'southward an important reminder as to why having unique passwords are so disquisitional. Using the aforementioned password too many times can be a major vulnerability. Now would exist a skillful time to brand sure that all your passwords are unique and secure. Web browsers similar Google Chrome, Firefox and Microsoft Edge all have features that can warn you if any of your passwords accept been breached and can suggest new passwords every bit well.

Michael A. Prospero is the deputy editor at Tom'south Guide overseeing the domicile, smart dwelling, drones, and fitness/wearables categories, too equally all buying guides and other evergreen content. When he's not testing out the latest running watch, skiing or training for a marathon, he's probably using the latest sous vide automobile or some other cooking gadget.

Source: https://www.tomsguide.com/news/hackers-trying-to-access-lastpass-accounts-what-to-do

Posted by: martinezthercits.blogspot.com

Share this post