What happened?
LastPass has investigated recent reports of blocked login attempts and believes the activity is related to attempted “credential stuffing”. At this time, it has no indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party.
LastPass's statement can be found at:
Unusual attempted login activity and how LastPass protects you
What should I do?
LastPass has released a statement detailing the incident and confirms that the current recommendations for managing your master password remain very much the same:
- Make sure that your LastPass Master Password is unique and strong
- Where possible, use multi-factor authentication with all services that support it
- More widely, do not reuse passwords
What is credential stuffing?
In a credential stuffing attack, existing compromised combinations of usernames and passwords are used to try to access services. If you have reused usernames and passwords, you are vulnerable to this form of attack.
It is the advice of Information Security that you should use unique passwords for all services where possible.
Further advice on the use of passwords can be found at: