Users of LastPass, the password management service, are warning that their master keys, used to access all credentials registered to their accounts, have been compromised and modified after receiving an email alerting them to login attempts from uninformed places .
The message warns you that the master password was used to try to log into the account at known locations around the world. The same alert also says that the attempts were blocked.
According to information obtained by the BleepingComputer website, these notifications appear to originate from the normal behavior of bots, which attempt to access accounts from credentials obtained by third-party leaks, which can be marketed on the deep web or dark web.
Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Kenyannews News. Every day a summary of the main news from the tech world for you!
According to data obtained by security expert Bob Diachenko, several credentials for the service were found in Redline Stealer virus logs, giving more credence to the theory that the information was stolen and made available in environments frequented by cyber criminals.
The company, in turn, defends itself and claims that there was no leak of passwords and that the access attempts came from crossing leaked data from other services that are not linked to LastPass. It would be a practice known as “credential stuffing”, in which someone discovers a combination of credentials that has been leaked from one site and tests it on several others, relying on the fact that many reuse their passwords.
Difficulty mitigating the problem
LastPass users commented on social networks that, when trying to delete their accounts from the service, they ran into errors that prevented the action from being taken. Furthermore, when they changed their password, they received emails a few hours later informing them of a new credential modification.
someone tried my @LastPass master password earlier yesterday and then someone just tried it again a few hours ago after I changed it. What the hell is going on?
— Valcrist (@Valcristerra) December 28, 2021
Even though the attacks are not the result of a leak, it is still recommended that LastPass users enable two-step verification on their accounts.