Password manager LastPass is under attack from hackers. In recent days, several attempts have been made to break into the digital vaults of end users using master passwords. According to the password manager, this concerns so-called ‘credential stuffing’.
Recently, end users of password manager LastPass complained that attempts had been made to break into their digital vaults containing passwords using their master passwords. The login attempts were automatically blocked because they were made from an unknown location.
Notifications
Affected end users became aware of the intrusion attempt because LastPass automatically sent them a notification that someone had tried to access their account from an unknown location. The login attempts came from, among others, an anonymizing proxy server and IP addresses in Brazil.
Credential stuffing
LastPass has since been informed and has found that there is indeed a small uptick in login attempts of this type. The password manager attributes these hacking attempts to so-called ‘credential stuffing’. In this technique, hackers take email addresses and passwords exposed in other breaches and try them on LastPass in the hope that some happen to work. Users who reuse their master password on several other sites are especially at great risk.
Further investigation by the password manager shows that there have been no breaches yet. LastPass does recommend using strong and, above all, unique passwords for its tool.
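The two defensive signals described above, sketched as an added example that is not LastPass's code: a login with a correct password is still blocked and reported when it comes from a location the account has not used before, and a source that tries many different accounts is flagged as likely credential stuffing. The event fields, the threshold, the function names and the log entries are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real LastPass logs):
# (source_ip, country, account, password_correct)
EVENTS = [
    ("203.0.113.7", "BR", "alice@example.com", True),
    ("203.0.113.7", "BR", "bob@example.com", False),
    ("203.0.113.7", "BR", "carol@example.com", False),
    ("203.0.113.7", "BR", "dave@example.com", False),
    ("198.51.100.4", "NL", "alice@example.com", True),
    ("198.51.100.9", "NL", "bob@example.com", False),
    ("198.51.100.9", "NL", "bob@example.com", True),
]

# Hypothetical per-account history of countries seen on earlier logins.
KNOWN_LOCATIONS = {"alice@example.com": {"NL"}, "bob@example.com": {"NL"}}


def decide(event, known=KNOWN_LOCATIONS):
    """Return 'allow', 'deny' or 'block_and_notify' for one login attempt."""
    _ip, country, account, password_ok = event
    if not password_ok:
        return "deny"
    # A correct password alone is not enough: a reused master password may
    # come from another site's breach, so an unfamiliar location is blocked
    # and the account owner is notified.
    if country not in known.get(account, set()):
        return "block_and_notify"
    return "allow"


def stuffing_sources(events, min_accounts=3):
    """Source IPs that tried at least min_accounts distinct accounts.

    Stuffing tries one leaked pair per account, so the signal is breadth
    across accounts, not many guesses against a single account.
    """
    accounts_by_ip = defaultdict(set)
    for ip, _country, account, _ok in events:
        accounts_by_ip[ip].add(account)
    return {ip: len(a) for ip, a in accounts_by_ip.items() if len(a) >= min_accounts}


if __name__ == "__main__":
    for ev in EVENTS:
        print(ev[2], ev[0], decide(ev))
    print("suspected stuffing sources:", stuffing_sources(EVENTS))
```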
LogMeIn Spinoff
It was also recently announced that LastPass will be spun off from parent company LogMeIn in 2022 and become an independent company. With this move, the password manager will be better able to develop further, according to the parent company. This includes improving the customer experience and further developing services for single sign-on and multi-factor authentication.