![]() “While we have observed a small uptick in this activity, we are utilizing multiple technical, organizational, and operational methods designed to protect against credential stuffing attempts, Gabor Angyal, senior director of engineering at LastPass, said in a blog post. The whole point of using LastPass is to have different passwords on different sites and services, but in this case, those same users are using a previously used password as their master password for LastPass. Credential-stuffing is a type of cyberattack that involves using stolen account credentials, typically username or emails addresses with corresponding passwords, that are then used to gain access to accounts on other services. LastPass has responded to the reports, saying it has observed a slight uptick in attempted credential-stuffing attacks. But the obvious question is: How were the LastPass master passwords seemingly compromised? That they were blocked is a positive, since LastPass managed to stop the attempts. ![]() The email notifications note that the login attempts have been blocked because they were made from unfamiliar locations. “Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” the email messages to affected users state. “LastPass blocked this attempt, but you should take a closer look. In some cases, the internet protocol address in the notifications was from an anonymizing proxy service, while in other cases, the IP address was from Brazil. ![]() The threads tell a similar tale: The users had received a notification of people trying to log in using their master password. News of the compromise first emerged Tuesday on social media, including Twitter Inc., Reddit Inc. Some users of password manager LastPass are reporting that their master passwords have been compromised after receiving emails that someone had tried to access their accounts from unknown locations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |