We recently called attention to a fraudulent app on the Apple App Store that was impersonating our legitimate app. For any customers who may have accidentally downloaded the fraudulent app impersonating LastPass and want to take precautionary measures, we created the guide below with actions you may want to consider:
- First, change your master password – especially if you entered it in the fraudulent app. Instructions on that can be found here.
- Second, if you have not already, enable MFA for your account. Instructions can be found here. We recommend you enable MFA under any circumstances as an extra layer of protection for your account (regardless of whether you downloaded the fraudulent app).
- Third, check your LastPass account history for unexpected activity. Your account history contains data (e.g., logins and events, the IP address(es) associated with each login, the method by which your account was accessed) that may help you identify unexpected activity. You can view your account history by following the instructions here.
  - You can compare your IP address(es) against your account history. You will need to know the IP address(es) from which you typically access your LastPass account. You can find these by visiting an IP checker site (like https://www.whatismyip.com) from the devices you typically use to access your account and noting those IPs.
  - While an unexpected IP address may not indicate malicious behavior (e.g., you may have been travelling at the time you accessed your account), it can be an indicator that a particular login or attempted access is worth investigating.
  - You can also check for unexpected devices. For instance, if you typically use an iPhone but your account history shows that an Android device attempted to access your account, this may be an indicator of malicious activity.
  - In the event you notice unexpected activity, you may want to consider updating passwords and sensitive information in your vault to ensure your accounts and data remain secure and solely under your control. This proactive step helps keep your data safe and gives you peace of mind. Instructions on how to update account passwords using LastPass can be found here.
- Fourth, turn on dark web monitoring, if you have not already and it is available for your subscription level. The dark web monitoring feature evaluates email addresses saved in your vault and alerts you if any of your email addresses have been found in the database of credentials breached in third-party security incidents. More information and instructions on how to turn on dark web monitoring can be found here.
- Finally, update any account passwords you may have added to the fraudulent app and enable MFA on those accounts, when possible. Out of an abundance of caution, data entered into that app should be considered exposed. Instructions on how to update these account passwords using LastPass can be found here.
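The account-history review in the third step (unknown IPs, unexpected device types) can be done by hand, but for a long history a small triage script is quicker. The example below is added here and is not LastPass code; the "timestamp,event,ip,device" history format, the sample entries and the known-IP/known-device sets are all constructed for illustration, and any unknown-IP hit still needs the travel check described above before it is treated as malicious.

```python
# Added triage helper (not LastPass code): flags account-history entries whose
# IP address or device type does not match what the account owner normally uses.
from dataclasses import dataclass


@dataclass
class Finding:
    timestamp: str
    ip: str
    device: str
    reasons: list


def parse_history(text):
    """Parse constructed 'timestamp,event,ip,device' lines into dicts."""
    rows = []
    for line in text.strip().splitlines():
        ts, event, ip, device = [f.strip() for f in line.split(",")]
        rows.append({"timestamp": ts, "event": event, "ip": ip, "device": device})
    return rows


def triage(rows, known_ips, known_devices):
    """Return one Finding per history row that has at least one unexpected attribute."""
    findings = []
    for r in rows:
        reasons = []
        if r["ip"] not in known_ips:
            # Could be legitimate travel; confirm before acting on it.
            reasons.append("unknown IP")
        if r["device"] not in known_devices:
            reasons.append("unexpected device type")
        if reasons:
            findings.append(Finding(r["timestamp"], r["ip"], r["device"], reasons))
    return findings


# Constructed sample history; addresses are documentation ranges, not real users.
SAMPLE_HISTORY = """
2024-02-08 08:01,login,203.0.113.10,iPhone
2024-02-08 21:47,login,198.51.100.23,Android
2024-02-09 09:15,login,203.0.113.10,iPhone
2024-02-09 11:30,login attempt,192.0.2.77,iPhone
"""
KNOWN_IPS = {"203.0.113.10"}      # IPs noted from the owner's usual devices
KNOWN_DEVICES = {"iPhone"}        # device types the owner actually uses

if __name__ == "__main__":
    for f in triage(parse_history(SAMPLE_HISTORY), KNOWN_IPS, KNOWN_DEVICES):
        print(f.timestamp, f.ip, f.device, "; ".join(f.reasons))
```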
Taking these actions may help reduce the risk in the event your data may have been exposed by the fraudulent app. If you are a Premium, Families, or Business user, you can also contact Customer Support directly with further questions.