NET executable, which is ridiculously easy to reverse-compile back to C# (not just assembly) so you can even check that I'm distributing an exe that does the same thing as the code I published. It's very short and simple and rather easy to review. There was no 1Password to LastPass importer at the time I wrote that (believe me, I looked because I have better things to do than write apps to benefit a commercial entity like agilebits otherwise), and of course the code is published on GitHub and released under the MIT license. There are 2 separate users in the thread below confirming that the same exact same thing happened to them, from the exact same IP range as me.Įither the 3 of us had the same malware/Chrome extension or somehow had our master passwords compromised.? Or.? Is this a LastPass issue? I also talked to LastPass support over the phone, and they confirmed seeing the same information. the email was truly not phishing - the same information regarding the login attempt appears in my LastPass dashboard. That's scary too - what's the point of a 2FA you can remove.? The LastPass account had 2FA set up, but I was able to simply remove it (since I didn't have access to the token anymore). was the login attempt actually using my master password? Is there some LastPass extension installed on some computer still having a valid auth token allowing them to login as me to LastPass.? If that's the case, I'm in a world of hurt.īut are there any other possibilities? Is the email from LastPass accurate i.e. I can imagine that someone has my KeePassX file and the (completely different) password to this file. What troubles me is that the master password was stored in a local encrypted KeePassX file.
The email doesn't look like it's a phishing attempt. According to an email I received from LastPass, this login was using the LastPass account's master password.
LastPass blocked a login attempt from Brazil (it wasn't me). I've just had a bizarre thing happen and wanted to see if the HN community could come up with some theories as to what happened.
0 kommentar(er)
