Several LastPass users reported Tuesday that their master passwords appeared to be compromised after receiving warnings of login attempts from unknown places.
Users of the service have taken to social media claiming they received emails from LastPass about blocked login attempts from unrecognized devices or locations. But LastPass said the reports stem from users who have reused their LastPass master password on other accounts, and that its systems have not been breached.
Nikolett Bacso-Albaum, PR/AR Senior Director for LastPass parent company LogMeIn, said in a statement to BleepingComputer that the reports are "related to fairly common bot-related activity" in which unauthorized users try to log into LastPass users' accounts using email addresses and passwords from "third-party breaches."
"We do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party," Bacso-Albaum added. "We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure."
LastPass allows users to manage the dozens of passwords required to access different online accounts through a master password to its service, which can generate strong one-time passwords for those accounts. A compromised master password could therefore give someone access to multiple accounts.
Climate TRACE's data show emissions at the facility-level.Image: Climate TRACE