Did LastPass get hacked?
Multiple users of the popular password manager LastPass recently received emails from the company warning them of suspicious login attempts that used their master password, which is never a good sign. Some users also claimed that they had not shared their password with any platform other than LastPass, and speculation soon spread that the company may have suffered a data breach that exposed login credentials, allowing malicious activity to be carried out.
The news first broke on the popular forum Hacker News before spreading on Twitter.
Password managers, which are useful tools for storing all your web credentials in a centralized, supposedly secure location, have been known to have serious security vulnerabilities, such as those that could hypothetically lead to hacking incidents. LastPass has had its fair share of these problems, actually. In some cases, like with Passwordstate last summer, the results of security shortcomings can be quite disastrous.
In this particular case, where users’ master passwords were compromised (the master password is used to log in to the manager itself and thus access the rest of a user’s passwords), there is a strong inclination to believe that the company somehow made a mistake.
But are the claims against LastPass valid? According to LastPass itself, the answer is: we don’t think so. When Gizmodo requested comment, the company provided us with a statement blaming the irregular activity on “credential stuffing” attempts by some unknown threat actor:
LastPass investigated recent reports of blocked login attempts and we believe the activity is related to attempted “credential stuffing” activity, in which a malicious actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services.
The company goes on to claim that it has not seen any evidence of actual hacking of its servers or even compromise of individual accounts:
It is important to note that, at this time, we do not have any indication that the accounts were successfully accessed or that the LastPass service was compromised by an unauthorized party. We regularly monitor this type of activity and will continue to take measures designed to ensure that LastPass, its users and their data remain protected and secure.
So, according to the company, it has not seen any evidence that it leaked user data, or that a hacker has even managed to get into user accounts. If you are a LastPass user and that sounds like cold comfort, a good move would probably be to activate multi-factor authentication. MFA adds an extra layer of protection against credential stuffing and similar types of attacks, so that’s probably a good thing regardless.