Security News

A screenshot of the fake LastPass app in the Apple App store. "Upon seeing the fake 'LassPass' app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed," Christofer Hoff, chief secure technology officer for LastPass, told The Register Thursday.

Read on to compare LastPass Free and Premium plan features. Both the LastPass Free and Premium plans allow you to generate, save and autofill an unlimited number of passwords across websites and online applications in the LastPass Vault.

LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. As LastPass is used to store very sensitive information, such as authentication secrets and credentials, the app was likely created to act as a phishing app and steal credentials.

A fraudulent app named "LassPass Password Manager" that mimics the legitimate LastPass mobile app can currently be found on Apple's App Store, the password manager maker is warning. "The app in question is called 'LassPass Password Manager' and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent," says Mike Kosak, Senior Principal Intelligence Analyst at LastPass.

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. "Historically, while a 12-character master password has been LastPass' default setting since 2018, customers still had the ability to forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so," LastPass said in a new announcement today.

In this comparison between Bitwarden and LastPass, we explore their features, security, ease of use and pricing. Find out which password manager is best for you.

Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. According to a tweet by ZachXBT on X, the threat actors stole $4.4 million from 25+ victims due to a LastPass breach in 2022.

Remember last November, when hackers broke into the network for LastPass-a password database-and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they're now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps. Since then, numerous users have been locked out of their accounts and unable to access their LastPass vault, even after successfully resetting their MFA applications.

CISA has added an almost three-year-old high-severity remote code execution vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks. Attackers with "Admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.