After users reported unauthorized login attempts, LastPass said there was no evidence of a data leak. Nikolett Bacso-Albaum, senior director of global communications at LogMeIn, told The Verge that alerts users receive are related to "fairly common bot activity."
He said it involved malicious attempts to log into a LastPass account using email addresses and passwords that the vandals had obtained from vulnerabilities in past third-party services ( i.e. not LastPass ) .
Basco-Albaum said: "It is important to note that we have no indication that the account was successfully accessed or that the LastPass service was compromised by an unauthorized party. We regularly monitor this type of activity and will continue to take measures designed to ensure that LastPass, its users and their data are protected and secured." Even if LastPass isn't actually broken, it's still a good idea to harden your account with multi-factor authentication, which uses external resources to verify your identity before you log into your account.
![The Meta Expanded Bug Bounty Program includes the data scraping category for the first time[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)