Of course, all of this is locked behind a master password, like the key to a vault, which means that unless someone else has that key, they won’t be able to access your passwords. Unfortunately for LastPass users, they are reporting on Hacker News that they have received notifications of login attempts using their master passwords.
Some users are reporting that even changing their master password doesn’t seem to help as bizarrely enough, they still get login attempt notifications even after the password change. However, in a statement made to AppleInsider, LastPass spokesperson Meghan Larson says that they have not been breached.
According to Larson, “LastPass investigated recent reports of blocked login attempts and we believe the activity is related to attempted ‘credential stuffing’ activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services.”
That being said, if you do use LastPass, you should probably enable two-factor authentication so that even if your master password has been leaked, hackers won’t be able to get into your account, unless for some reason they have access to your phone or authenticator device.