Breach?

[lookingaround]

Got this email from LastPass and haven't seen anything from eccie about this. Is this true?

Email content:


Breach alert: Action required

LastPass has detected that your personal data has been compromised in an online breach at another company or service. LastPass itself has not been breached.

FINDINGS
Compromised email: <redacted>
Compromised site: eccie.net
Compromised data: Emails, Passwords, Usernames, IP Addresses, DOBs, Website Activity

IMPORTANT NEXT STEPS
Protect yourself as soon as possible. Please log in to your LastPass vault and follow the instructions on the LastPass Security Dashboard.

[lookingaround]

No comment I guess.

[Anonymous01]

"BREACH!"


"BANG!"


"CLEAR!"


Any questions?

[pmdelites]

yes, LastPass was breached or inadvertently provided public access to some of their data.

as the letter stated, go directly to lastpass.com, login, and follow the instructions. DO NOT click on any link in any email that purportedly goes to lastpass.com.


lots of articles on the web about this 2nd breach - just websearch for "lastpass breach".
one from them: https://blog.lastpass.com/2022/12/no...rity-incident/
bunch more:
https://www.npr.org/2022/12/01/11400...a-breach-again
https://nakedsecurity.sophos.com/202...lts-after-all/
https://www.makeuseof.com/change-all...stpass-breach/

and this: https://mashable.com/article/lastpas...-password-data
"What should LastPass users do about the breach?
According to LastPass, there are "no recommended actions that you need to take at this time," should customers be using the default settings.

However, the site adds that those who don’t use the default settings should consider changing passwords stored there."