Password vault investigation reveals no evidence of credential filling activity
After the recent surge in blocked login attempts, LastPass launched an investigation.
Email notifications sent to pre-registered email addresses are usually sent after trying to log in from a different browser version, device, or location.
Users who receive these emails will be invited to go to the link to confirm that the attempted login is valid.
When LastPass noticed an unexpected increase in the incidence of blocked access to e-mail, it initially suspected that this might be the result of a “base hit” attack.
Keep up to date with the latest password security news and analysis
Credential stuffing attacks involve attempts to access target accounts using email addresses and passwords obtained from third-party vulnerabilities.
This strategy relies on the insecure habits of too many consumers who use the same password and login combination on multiple sites.
in a Yesterday’s blog post (December 28), LastPass stated that the early results of its investigation showed no evidence that any of its users’ accounts have been hacked or otherwise compromised.
We quickly proceeded to investigate this activity. There is currently no indication that any LastPass account has been compromised by an unauthorized third party due to these credential filling attempts, and no indication that the user’s LastPass credential is caused by malware, rogue browser extensions, or Phishing activity.
Follow-up work on cloud-based password management services has shown that the surge in blocked password email notifications is the result of system failures rather than any malicious activity.
“Our investigation found that some of the limited subset of security alerts sent to LastPass users may have been triggered in error,” explained Gabor Angyal, senior director of engineering at LasPass. “As a result, we adjusted the security alert system and this issue has been resolved.”
You might also like Ubisoft confirms “Just Dance” video game data leak
