

was the login attempt actually using my master password? Is there some LastPass extension installed on some computer still having a valid auth token allowing them to login as me to LastPass.? If that's the case, I'm in a world of hurt.īut are there any other possibilities? Is the email from LastPass accurate i.e. I can imagine that someone has my KeePassX file and the (completely different) password to this file. What troubles me is that the master password was stored in a local encrypted KeePassX file. The email doesn't look like it's a phishing attempt. According to an email I received from LastPass, this login was using the LastPass account's master password. LastPass blocked a login attempt from Brazil (it wasn't me). I've just had a bizarre thing happen and wanted to see if the HN community could come up with some theories as to what happened.
