Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
LastPass users warned their master passwords are compromised
#1
Quote:Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.

The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide.

"Someone just used your master password to try to log in to your account from a device or location we didn't recognize," the login alerts warn.

LastPass says it's credential stuffing
LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum told BleepingComputer that "LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services."

"It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure," Bacso-Albaum added.

However, users receiving these warnings have stated that their passwords are unique to LastPass and not used elsewhere. BleepingComputer has asked LastPass about these concerns but has not received a reply as of yet.

While LastPass didn't share any details regarding how the threat actors behind these credential stuffing attempts, security researchers Bob Diachenko said he recently found thousands of LastPass credentials while going through Redline Stealer malware logs.

BleepingComputer was also told by LastPass customers who received such login alerts that their emails were not in the list of login pairs harvested by RedLine Stealer found by Diachenko.

https://www.bleepingcomputer.com/news/se...mpromised/
[-] The following 1 user says Thank You to Imran for this post:
  • harlan4096
Reply
#2
Additional Info: https://www.ghacks.net/2021/12/29/lastpa...-accounts/
[-] The following 1 user says Thank You to harlan4096 for this post:
  • Imran
Reply
#3
update

LastPass says no passwords were compromised following breach scare

Quote:LastPass says there’s no evidence of a data breach following users’ reports that they were notified of unauthorized login attempts, as reported by AppleInsider. The password manager maintains that it was never compromised, and users’ accounts haven’t been accessed by bad actors.

https://www.theverge.com/2021/12/28/2285...each-scare
[-] The following 1 user says Thank You to Imran for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
GFYI [Official] NoVirusThanks OSArmor P...
Big thanks to the or...pisondi — 18:51
AMD Ryzen 7000: Up to 16 Cores, AVX-512 ...
Robert Hallock ...harlan4096 — 08:30
Sumatra PDF 3.4.2
SumatraPDF version ...harlan4096 — 08:24
NoVirusThanks OSArmor v1.7.0
NoVirusThanks OSAr...harlan4096 — 08:22
360 Total Security 10.8.0.1456
360 Total Security...harlan4096 — 08:20

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>