Apple has removed a fraudulent application from the App Store that was posing as LastPass, a popular password management app, in an attempt to deceive users. The fake app mimicked LastPass's icon and interface design, but was removed once detected. This incident serves as a reminder to exercise caution when downloading apps, even from trusted sources like the App Store, and to verify the legitimacy of developers and app reviews. LastPass, known for enhancing cybersecurity by providing secure access to various accounts without users having to remember each password, has also been strengthening its security measures in response to past breaches.
Apple's App Store guidelines prohibit impersonating other apps or services, with violators facing removal from the store and revocation of their developer account. Despite occasional slip-ups, Apple has actively terminated hundreds of thousands of developer accounts for potentially fraudulent activity, with a decline in such cases in 2022 due to new prevention methods and protocols. Developers can report imposter apps through official channels, and while the recent LastPass incident garnered attention, Apple's ongoing efforts against imposter apps provide important context.
Linux has a shim problem due to Secure Boot and GPLv3, resulting in a broken shim with serious vulnerabilities. A suspiciously similar LastPass look-alike app was removed from the App Store. Reports of three million compromised smart toothbrushes used in a DDoS attack were found to be based on a hypothetical scenario, not actual events. Security researchers are facing challenges due to the abundance of honeypots, while undocumented SSH access with a known root password was discovered in some heat pumps. A vulnerability in Mastodon's federated account handling was published, prompting an update to address the issue.
A fake LastPass app, "LassPass Password Manager," managed to slip through Apple's usually stringent App Store review process and was available for download for weeks before being taken down. The fraudulent app attempted to impersonate the official LastPass app and was listed under a different developer name. This incident comes at a time when Apple's app distribution policies have been under scrutiny, with the company releasing new rules in response to the EU's Digital Markets Act. Apple's opposition to the DMA was based on the belief that its walled-garden approach with the App Store keeps consumers safe from bad actors, yet the fake app was approved and available for download despite these concerns.
Apple removed a fraudulent app called "LassPass" from its App Store after LastPass, a password manager maker, flagged it as an impersonation of its brand. The app mimicked LastPass's name and logo and allowed users to enter sensitive personal information, including passwords and financial data. Despite Apple's efforts to promote the App Store as a safe source of apps, the incident raises questions about its vetting process and policies. Another app from the same developer remains on the App Store, and Apple has not provided an explanation for removing the fraudulent app or allowing the other one to stay.
A fake LastPass app, impersonating the popular password manager, managed to slip through Apple's app approval process and make it into the iOS App Store. LastPass has taken action to have the fraudulent app removed, and Apple has confirmed receipt of their complaints. While Apple has a reputation for being a safe place for users to get software, this incident raises questions about how the fake app made it past their security and brand protection mechanisms. Users are advised to be cautious and look for signs of impersonation when downloading apps.
A fake app posing as LastPass was removed from the App Store after being listed under an individual developer's name and copying LastPass's branding. Apple has not commented on the removal. LastPass warned customers about the fraudulent app, which had misspellings and other clues indicating its fake nature. Apple has been criticized for allowing the fake app to pass its App Review process, especially as it argues that new regulations would compromise customer safety and privacy. LastPass is working with Apple to understand how the fake app passed security and brand protection mechanisms.
A fake version of the LastPass password manager has been discovered on the Apple App Store, functioning as a phishing app to steal users' credentials. The fake app, named 'LassPass,' closely mimics the genuine LastPass app but has a different publisher and only one rating. LastPass has issued a warning and is working to have the fraudulent app removed. Users who installed it are advised to remove the fake app, change their LastPass master password, and reset all stored passwords for safety. Despite Apple's stringent app review process, the fake LastPass app remained available on the App Store at the time of the report, raising concerns about the security of the platform.
LastPass is enforcing a new security measure that requires users to set a stronger master password of at least 12 characters, including a special character, a number, and an uppercase letter. This move comes as a response to evolving cyber threats and follows a significant data breach in 2022 in which attackers accessed sensitive user data. The company has already been applying this standard to new users and to those resetting their passwords since last year, but is now extending the requirement to all users to strengthen the encryption keys derived from the master password for their vault data.
LastPass is enforcing a new security measure requiring all users to have a master password of at least 12 characters. This change, effective from April 2023 for new accounts and password resets, now extends to all accounts to enhance security following two breaches in 2022. The company will also check new or updated master passwords against a database of credentials leaked on the dark web. Additionally, LastPass faced issues with a forced multi-factor authentication re-enrollment process in May 2023. These security updates come after LastPass experienced significant breaches in 2022, which led to the theft of source code and customer vault data, and were later linked to a cryptocurrency theft totaling $4.4 million. LastPass is widely used, with over 33 million individual users and 100,000 businesses.
LastPass is now requiring some users to choose longer master passwords as part of their latest security improvements. However, critics argue that this move is merely a public relations stunt and will not help those whose password vaults were exposed in a 2022 breach. LastPass failed to upgrade many older customers to more secure encryption protections, leaving them vulnerable to offline attacks. The changes implemented by LastPass are not designed to address already stolen vaults, and experts recommend affected users change all their passwords.
LastPass users are reporting being locked out of their accounts after being forced to reset their multifactor authentication (MFA) apps. The company implemented the reset following a series of security incidents last year. Users have found that LastPass does not recognize new MFA codes and they are therefore unable to access their accounts. Master passwords are also not working, and attempts to reset passwords are proving unsuccessful. Many users are frustrated because they cannot access support without being logged into their accounts. LastPass has a support document on its website that details how the reset process works, but failure to follow the instructions can result in accounts becoming inaccessible.
LastPass users have been locked out of their accounts and unable to access their vaults after being prompted to reset their multifactor authentication preference due to planned security upgrades. Affected customers cannot seek assistance from support since reaching out to LastPass support requires logging into their accounts which they can't do because they're locked in an infinite loop of being prompted to reset their MFA authenticator. LastPass says the MFA resets were announced via in-app messages for "several weeks" before the initial announcement.