I wanted to post this over a week ago (7-24, according to my computer when I screencapped the relevant messages) but life's got a way of getting in the way. I'll assume (though perhaps in error) that it's untriaged/unfixed/unpatched after doing a quick search on Google, but I'm not going to trawl the results any deeper tonight; if this is a dupe report or has already been fixed I might find out and update this post at some later point.
Anyway, it starts out like this: you switch your IP address to a new one (in our case that's because our Comcast modem, the one I need both arms to carry around, took a crap on us last week, so now we're working on the third iteration of this modem in the past year, with a different IP) and LastPass suddenly doesn't recognize the device you're on or the location you're at (it's not sure which), though it's the same device as always (my HP laptop, which has somehow lived another year without the graphics card destroying itself like the last one did, though pixels are beginning to blow out left and right).
When the LastPass add-on (in Firefox latest on Win 10 Pro - not an Insider build) sees your new IP address as a "new device" or "new location" (though that sounds like a bug in itself, it's not the bug I'll be talking about) it looks like this:
The text in the info bar my screen got splashed with says (emphasis mine): "LastPass doesn't recognize this device or you are at a new location. Please check you email to grant access to your new device or location."
See the part where LastPass asks me to check my email? Which means I should literally be unable to use LastPass to log into websites until that one little detail is taken care of? Heh, about that...I just ignored or dismissed the infobar (I forget which), opened the LastPass add-on dropdown menu and finished logging into my Live account like nothing had happened. No checking my email. No granting access. I just went on and used LastPass normally. Which I should not have been able to do!
After logging in, I checked for the email from LastPass just to see what it said, because them even sending it was like, totally useless. It looks like this:
This is where things get funny - if your idea of a good time is when your device gets stolen and your online security is compromised by, of all things, not the thief, but a buggy password manager. What a laugh! The email reads (emphasis mine): "Someone, hopefully you, recently tried to login to your LastPass account from a device or location that we did not recognize. We prevented access until you have reviewed the details of the login attempt."
See the part where LastPass tells me they prevented access until I could review details of the login attempt? Lies, tall tales, and made-up stories because they prevented nothing. I could use LastPass just by continuing to use it. I saw a few more infobars saying the same thing, but I just kept ignoring or dismissing them and like, logging into things. Which, again, I should not have been able to do!
I'm posting this mostly to remind myself to check the LastPass forums and search results more deeply one day for any other news of this issue, and to warn anyone else who comes across this post who might also be using LastPass.