The automatic password managers have become more and more important in our digital lives as the number of services and accounts we are forced to use on a daily basis increases. LastPass is one of the most famous and popular , which in the last period is experiencing a transition.
LastPass recently changed its account management policies, in favor of an increase in paid subscriptions by restricting the features offered to those who use free accounts. In the last few hours some disturbing news has emerged for some users of the service, who have been forced to force their master passwords without any apparent explanation.
LastPass, like many other password managers, stores the password archive of its users on its servers but access to the LastPass account is protected by a Master Password without which you cannot access all the passwords synchronized with your account. This master password would not be stored on the company's servers.
In the last few hours, there have been many reports from LastPass users who received an email stating that an attempt was made to access their account via the Master Password. A very disturbing message because it portends a possible theft of all the passwords stored on the manager and consequently of all the accounts linked to them.
Fortunately, these accesses were blocked because the lack of confirmation of the geographical position . However, it remains to be explained how it was possible that the Master Passwords were leaked. Someone could insinuate that LastPass servers have been hacked and that the company has also memorized the Master Passwords.
LastPass has specified that on its servers no anomalous activity has been detected and that the theft of the Master Passwords could be a consequence of illegal activities on other services . Services on which users have used as their own password the Master Password object of the theft.
The situation still remains uncertain : on the one hand it is difficult not to believe in the good faith of LastPass, on the other hand it is difficult to believe in the coincidence in which many users have used the same Master Password on various services and that they have suffered a violation of accounts not connected to LastPass.