sentry alert

Postby john721 » Sun Jan 20, 2019 12:01 pm

Hi, I just got this email from LastPass.
I can't recall having an email of this type before - one item goes back to 2016.

What should I do about them?

Email: Hello ****@************************ (I've left data blank for security)

The results of the data compromise report you have requested are in the table below.

We are showing 3 exposures, with 3 of them being new since the last time this was run.

The new exposures are in bold below.
________________________________________
2016-07-31
exploit.in database compilation
________________________________________
2016-12-23
Anti Public
________________________________________
2018-11-27
Unknown source (2018-11-27 23:15:58)
john721
 
Posts: 1
Joined: Sun Jan 20, 2019 11:50 am

Re: sentry alert

Postby Goalieguy16 » Tue Jan 22, 2019 11:02 am

I would also like some direction in regards to this email. I haven't had any issues with exposures since I started using LastPass, now all of a sudden it says I have eleven!? There is not enough relevant data tied to each exposure for me to do anything to rectify it. Assistance needed ASAP please!
Goalieguy16
 
Posts: 2
Joined: Tue Jan 22, 2019 10:58 am

Re: sentry alert

Postby FlyingHawk » Tue Jan 22, 2019 1:30 pm

Using LastPass doesn't prevent the sites you use from leaking your data. Data breaches are very common nowadays.

LastPass flags "compromised passwords" based on the site URL only; it doesn't check whether your username/email or password are actually in the breach.

LastPass Sentry alerts you to an exposure based on your email only.
Because some leaked data dumps contain email+password pairs only, and have no info on the source website, you may receive an exposure alert without seeing any site in your vault flagged as "compromised".

LastPass doesn't check if your actual passwords are in any breaches/dumps, because the service LastPass uses to check for exposures doesn't provide a secure interface/API to check passwords.

To provide more concrete information, LastPass has to implement a secure way to check whether our actual passwords are in a breach or data dump.
One such service (and probably the only one) is "Pwned Passwords" from "Have I Been Pwned" (HIBP):
https://haveibeenpwned.com/Passwords

You can join other users to request LastPass to integrate HIBP here:
viewtopic.php?f=7&t=321495
Please also open a support ticket to voice your request:
https://lastpass.com/supportticket.php
It's important to open a support ticket, because the forum is basically abandoned by LastPass.

You can read some more details (my posts) here:
viewtopic.php?f=7&t=321495&start=40#p1076505
viewtopic.php?f=7&t=321495&start=50#p1076845
FlyingHawk
 
Posts: 740
Joined: Wed Mar 18, 2015 12:04 pm
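
The kind of password check the post above asks for, as an added example that is not part of the original post and is not LastPass or HIBP code: a Pwned Passwords style range query in which only the first five hex characters of the password's SHA-1 leave the client, and the match is done locally. The endpoint URL and `Add-Padding` header in `http_fetch` come from HIBP's public API documentation rather than this thread; the dump, its counts and the `constructed_fetch` stand-in are constructed so the example runs offline.

```python
import hashlib
from urllib.request import Request, urlopen

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix) in uppercase hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' rows into a dict, dropping padding rows (count 0)."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch):
    """Times the password appears in the corpus; fetch() only ever sees the prefix."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)

def http_fetch(prefix):
    """Live lookup; endpoint and header are from HIBP's public docs, not this thread."""
    req = Request("https://api.pwnedpasswords.com/range/" + prefix,
                  headers={"User-Agent": "range-check-example", "Add-Padding": "true"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

# Constructed stand-in for the service so the example runs offline.
CONSTRUCTED_DUMP = {"password": 3, "letmein": 7}  # constructed passwords and counts
SEEN_BY_SERVER = []  # everything the "server" learns about each query

def constructed_fetch(prefix):
    SEEN_BY_SERVER.append(prefix)
    rows = [f"{s}:{n}" for pw, n in CONSTRUCTED_DUMP.items()
            for p, s in [split_hash(pw)] if p == prefix]
    rows.append("0" * 35 + ":0")  # constructed padding row, must be ignored
    return "\r\n".join(rows)

if __name__ == "__main__":
    for pw in ("password", "letmein", "long unique passphrase 7!"):
        print(repr(pw), "->", breach_count(pw, constructed_fetch))
    print("server saw only:", SEEN_BY_SERVER)
```

Passing `http_fetch` instead of `constructed_fetch` runs the same check against the live service; the password and its full hash still never leave the machine.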

