Further investigation into possible hacker breaches of LastPass accounts via so-called “credential stuffing” revealed that LastPass was a little premature in its conclusion. LastPass’ systems themselves generated the alerts.
The controversy surrounding possible hacks of LastPass accounts by third parties has unexpectedly taken a new turn. While the company initially indicated that the uptake in the number of breach alerts may have been the cause of hackers using so-called ‘credential stuffing’, a completely different cause was later discovered.
Cause in own systems
Further investigation, according to a more extensive version of LastPass’ statement, shows that the security alert emails were generated by LastPass’ own systems. These alerts were then sent to a limited subset of LastPass users.
LastPass now confirms that these security alerts were created by an error. However, it is not stated in the statement why this happened. In any case, LastPass has now modified its systems for sending security alerts so that repetition is no longer possible.
Some users still skeptical
Whether this will convince LastPass users remains to be seen. Out posts on social media several end users still have their doubts. They also have trouble recovering their accounts.
