Unauthorized login attempts

One of my clients has seen uptick in failed llogin attempts. They're coming from IP addresses all over the world but seemed to start in Budapest Romania. It appears someone may have obtained a list of LogMeIn userIDs (or email addresses) but doesn't have the passwords. Is anyone else seeing this? Any theories?

We've taken the following defensive measures in LogMeIn:

Settings > Account Settings, > Password > Change

Settings > Account Settings > Security section:

o Audit Log > View: Check for suspicious activity

o Email Notifications > Change: Confirm email address Enable (check) all checkboxes.

o Two Step Verification: Switch On

o Trusted Devices > View Devices to check for unknown devices

Settings > Security > Enable all the Audit Settings checkboxes.

Any additional suggestions welcome.

Find more posts tagged with

Accepted answers

M_LMI

Hello @TaprootSecurity and @Anon38262,

Thank you for your posts.

We understand your concerns and would like to confirm that no breach took place on our end. Log in testing based on password reuse is usually connected with third party data leaks and security incidents.

You can also set up Two-Step Verification by logging into your account and following this path: Settings> Account settings> Security> Switch on two-step verification and follow the steps to pair an app or receive a text message.

Thank you

All comments

shaggysan_

I canceled my account because of the massive price increase from for logmein central. Almost immediately after my account went inactive I started getting emails notifications every few weeks with attempted logins from foreign countries I have never done business with. I am Based in the US and I keep getting attempted logins (invited and regular user login fails) from Xi'an China , Hanoi Vietnam , Anápolis Brazil , and from a few African counties somewhere. Some of the admin users that had logmein still loaded on their pc's also would get failed attempted login popups. I uninstalled all instances of logmein on all customer and working computers.

I never had any failed login attempts from foreign areas until I cancelled my account. So did somebody at logmein do this? I find it very very hard to believe that its just a coincidence and that something third party related happened.

MrPi

What they mean is that they have screwed up somehow but are unwilling to officially own up to it. That’s why they need to keep doubling their subscription fee, so they can afford how much we will all be suing them for

Alice_redhat

We have had 2 failed attempts on 2 different users in the last week (one from the Philippines and one from Korea). Would you explain your statement of "password reuse is usually connected with third party data leaks and security incidents" in more detail?

We have not had any security breaches on our system (fortunately) and I'm not clear what third party would have access to our Logmein user accounts.

floridauser941

Our logmein account was accessed last night. They had the email and the password. Absolutely no emails of failed attempts. Access was from China as well. We are planning on stopping our subscription.

Anon118525

I just got one from China. I do not believe email addreesses can be easily and randomly generated. So somehow they got my email address.

M_LMI

Hello @TaprootSecurity and @Anon38262,

Thank you for your posts.

Thank you

Anon38262

Just had one from China.

I have been a LogMeIn user for nearly as long as it exists and this is the first time a 3rd party ever made an attempt or guessed my email address.

I agree it is suspicious that somone might be attempting random email addresses in search of LogMeIn users and their membership list may have been compromised.

Of note is that I just recently updated my paid PRO subscription. Perhaps something in the billing system was compromised.

Thanks for your tips - I implemented them immediatly.