There is apparently a large-scale attack going on against #LastPass accounts, login attempts using the correct master password. LastPass claims it to be credential stuffing, yet people on Hacker News report using unique and strong passwords.
People on Hacker News are comparing lists of browser extensions, but I’d consider this an unlikely source. If a malicious or vulnerable browser extension compromised your LastPass master password, the attackers don’t need LastPass to get the rest of your passwords.
A Mastodon instance for info/cyber security-minded people.