|
|
|
|
|
|
by kevinslashslash
1631 days ago
|
|
|
The original response was essentially blaming affected users, saying it was credential stuffing. Now they changed their story. If there is any credibility to the credential stuffing story, they should ask all users that received the email change password, not just say change it out of an abundance of caution. Obviously something changed as the emails just started going out recently. Maybe it was a recent code change introducing a bug on their end, that's fine software has bugs, but they could explain it. Maybe attackers are doing something different, which is triggering an old bug causing incorrect emails. Or maybe LastPass still doesn't really know and is just giving a potential reason, like they did earlier saying it was credential stuffing. I'd already stopped using LastPass years ago and deleted my account when this current mess started, so they weren't really going to win me back anyway. But the (current) response to this incident leaves plenty of unanswered questions. |
|
|