LastPass Confirms Credential Stuffing Attack Against Some of its Users

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

On Tuesday, popular password manager app LastPass said that a threat actor executed credential stuffing against some of its users to obtain access to their cloud-hosted password vaults.

Several users reported that they received a mail from the password manager stating someone used your master password to login into your account from an unrecognized location.

LastPass notification
Mail from LastPass about login attempt | Image Source: Valcrist

Soon the report of compromised LastPass master passwords started circulating on various social media platforms including Twitter, Hacker News, and Reddit.

LastPass Confirms it’s Credential Stuffing Attack

The password manager company is investigating reports of a possible attack on its servers and taking measures to secure the data of its users. The company further said that it believes that the recent activity is associated with credential stuffing activity where the threat actors try to obtain access to user accounts with the help of email addresses and passwords fetched from third-party breaches or unaffiliated services, reports LastPass in its blog post.

Though, LastPass didn’t share any information about threat actors behind these credential stuffing attempts. However, Bob Diachenko, a security researcher identified thousands of LastPass credentials while going through Redline Stealer malware logs.

Furthermore, BleepingComputer reports having been contacted by LastPass clients who received login alerts that their emails were not found in the combo list harvested by RedLine Stealer found by Diachenko.

This signifies that the threat actors used some other means to steal the master password of the users.

In the meantime, LastPass users are advised to enable the multifactor authentication option to access LastPass to safeguard their accounts against keyloggers and other threats.

By enabling multi-factor authentication, the threat actors can’t access your account even if the master password gets compromised.

Sign up for our newsletter to get the latest security news from various tech industries and cyber security firms.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This