I had the same this morning at 01.09, i.e. a not requested authentication code received. I have just contacted LastPass support and changed my password...
In going through the article you referenced, I get to the step of restriciting to only trusted devices. Is there a way to correlate the string of hex digits to a specific phone r tablet? I find nothing under my phone info IMEI/MAC address/etc that corresponds to the number given for Mobile devices in my valut.
When you log into LastPass using a mobile device, that device is listed in your Mobile Devices list within your Account Settings. For security purposes, your mobile device's label/random identifier (i.e., UUID) is displayed as a string of randomly generated letters in numbers in UUID format. In doing so, LastPass has no record of a mobile device's actual UUID anywhere within our systems. If desired, you can rename the UUID for better recognition by following the steps here: https://support.logmeininc.com/lastpass/help/manage-mobile-devices-using-lastpass-lp030005 (under the "Rename a mobile device's label/random identifier" section)
i currently only use last pass on Pc desktop as Mobile has been disabled unless i buy premium access, ive been using LP for long time however that last couple weeks ive been receiving text messages to my phone from a 703 area code phone number indicating last past verification code in which i am not logging into my account is some one trying to hack my account, my master password should be fine.. not sure whats going on . thanks
Glenn, I also got a Verification Code by SMS without ever asking for it (2021-05-001 22:00UTC) . The login and event history seem way too simple and does not show any SMS event. What else can we do? Is there any UI with failed attempts and requests to send recovery/alternative login option?
I've received two SMS messages in the last four days that appear to be LastPass SMS account recovery codes which I did not request, and my Account History shows two failed login attempts (one from an IP address listed in Poland, one from an IP address listed in the Seychelles) during this time period.
I've got MFA turned on and I'm confident that my Vault is secure, but along with the other recent posts in this thread it does seem like there might be some wider activity from hackers attempting to access LastPass accounts lately. Just posting this to report that I have also experienced what I think are some unauthorised access attempts so that the LastPass staff and other fellow users are aware.