Received an email today about the LastPass security incident, allegedly from LastPass, with instructions to go to a website and verify my identity, change my master password.
HOWEVER:
I am not a LastPass user
The website the email sends me too has unverifiable credentials for SSL
The extended email headers do not identify the sender as LastPass
Otherwise looks very authentic
So I reported it as a fraud site via Opera
But I may have tried and discarded Lastpass at some point in the past, so ?
I just mailed someone from the LP team, will post back here as soon as I got an answer. The cert is legit on my side as well. Still doesnāt explain why sded got the mailā¦
oh okay that was edited and I missed itā¦ either he registered or didnāt. Thereās no such thing as ātry itā first and then discard it with LP. Thereās a premium version, but the common version is free and is not time restricted, even if you donāt use it.
edit: I just sent a link to sded if he wants or needs to delete his account.
Now perhaps lastpass will fix their SSL certificate trust issue somewhere along the way also. Even if I have an account I donāt trust the site, since Opera told me not to. But I will look for and cancel my account if I can get them to send me a password again.
Updated certificates with current Opera 11.10 . FF also makes a remark about untrusted (class 2) CA, but nothing as dramatic as Opera. Appears to be good for encryption, but not everyone agrees it should be trusted.
I sort of forgot that I use starfield communication certificates (division of godaddy/certificatesforexchange.com?) for my exchange server here at work, so itās possible that their certificate is already installed as a trusted root for me, which is why Iām not getting any certificate errors on that site.