Password manager LastPass is under fire. In recent days, hackers made several attempts to break into the password vaults of LastPass users. According to the password manager, credential stuffing is at the base of the attacks.
Users of LastPass reported break-in attempts into the digital safes designed to store their master passwords. No harm seems to have been done thus far: suspicious login attempts were automatically blocked because of their unknown location of origin.
Affected users were made aware of the attempts through automated notifications from LastPass, stating someone sought access from an unknown location. As always, the location is difficult to pinpoint due to the widespread use of proxy servers.
Credential stuffing
LastPass has since been manually notified. The password manager confirms an increase in suspect login attempts. LastPass says the cause boils down to credential stuffing. Credential stuffing involves hackers using e-mail addresses and passwords from various data breaches. Breached credentials are input in various systems in hopes of exploiting users that use an identical password for multiple services. As such, users that never use the same password twice are not at risk.
LastPass’ further investigation shows that the attacks have not caused any breaches yet. Naturally, LastPass recommends using strong and unique passwords for its tool.
Split from LogMeIn
In other news, LastPass recently announced that it will split from parent company LogMeIn to become an independent company in 2022. In doing so, the password manager hopes to accelerate its development. The primary goals are improving its customer experience and single sign-on and multi-factor authentication service.
35 minutes ago
