LastPass confirmed that several of its users were sent email alerts last week informing them of unauthorized attempts to log into their accounts. The alerts resulted from an attempted credential stuffing attack in which threat actors attempted to use previously validated credentials to log into a number of user accounts, CNET reports.
LastPass Vice President of Product Management Dan DeMichele assured users that the issue has been resolved and that the company has modified its security alert systems.
“[At] this time we have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of this credential stuffing, nor have we found any indication that users' LastPass credentials were harvested by malware, rogue browser extensions or phishing campaigns,” according to DeMichele. “However, out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems.”
LastPass added that it would continue monitoring for malicious or other unusual activities and take further steps to enhance its security measures.