Was LastPass really hacked? And are people really still reusing passwords?

Some LastPass users were alarmed by security warnings at the end of last year. Whatever caused them, it’s a good idea to start 2022 with security in mind.

Janina | Jan 20, 2022 | News

Even over Christmas some things never seem to take a break - things like news about the latest major password leak or hacking incident. If you missed what happened with password manager LastPass over the holidays, here’s a quick recap of the (slightly confusing) news and a few reminders about steps you can take to have greater control over your security, including enabling 2FA on your SiteHost account.

Genuine warnings, but no confirmed attack

Last month some users of LastPass, one of the most widely used password managers, received email notifications about login attempts from unrecognised devices and locations. CPO Magazine reported that the notifications contained the alarming warning that, “Someone just used your master password [...but…] LastPass blocked this attempt”.

While the company said that there was no evidence of accounts being successfully compromised, what exactly happened is still a bit of a mystery.

LogMeIn, the company that owns LastPass, initially claimed that the incident could have been triggered by credential stuffing attacks. These occur when login credentials are stolen from one site and tried on another. This was refuted by users who said they don’t reuse passwords, and by others who had just changed their master passwords.

Investigations within LastPass ruled out any harvesting by malware or rogue browser extensions. Some independent security experts weren’t so sure, but no smoking gun has been found.

It’s worth noting that the emails were genuine, which rules out the possibility of phishing campaigns. Adding to the confusion, LastPass later said that some of the warnings were sent in error.

Lessons to take from the LastPass security incident

A number of possible cybersecurity threats or breaches could have been involved. Whatever actually happened, this is a good reminder to be cautious when it comes to passwords and security.

By implementing a combination of solutions you can create a robust defence for your passwords and accounts:

How to activate 2FA on SiteHost

SiteHost offers 2FA and we strongly recommend that you enable it for all your accounts. You can activate it with these few steps:
