LastPass is investigating reports of a possible attack on its servers and
assuring users that it will continue to take steps designed to
ensure that LastPass, its users, and their data remain protected
and secure. However, the company believes the activity is related
to attempted ‘credential stuffing' activity, in which a malicious
or bad actor attempts to access user accounts (in this case,
LastPass) using email addresses and passwords obtained from
third-party breaches related to other unaffiliated services,
according to a statement sent to AppleInsider.
Still, it's a troubling turn of events for one of the premier
password manager on the net. LastPass boasts millions of users of
its service, which stores passwords in an encrypted online vault
accessible on iPhones, iPads, Apple Watches, and Macs. Users access
their vault using a master password, which is what users fear may
have been compromised.
In 2019, LastPass resolved a browser extension bug that could have resulted
in site credentials filled by LastPass to be exposed.
If you have a LastPass account, it's probably a good idea to
change your master password, though some users report suspicious
activity even after changing their password. It's also a good idea
to turn on two-factor authentication, which adds a second login
method (SMS, OTP, or biometric) in addition to your password for an
extra layer of security.