LastPass Users Warned After Suspicious Login Attempts From Strange Locations
LastPass users have been alerted to a potential cybersecurity risk on the platform that may have compromised passwords, payment cards, and other sensitive data. LastPass, a password management app, detected suspicious login attempts almost immediately, and was able to take action against the unauthorized access. The attacker was allegedly attempting to sign in from an unrecognized location, allowing IT teams to identify the risk and block the attacker. However, LastPass advised that all of its users take a look at their log in histories immediately to ensure that their accounts were not accessed.
LogMeIn has been investigating the incident and has ties it to bot-related activity. In particular, the cybersecurity incident seems to be a credential stuffing attack, in which a threat actor uses a database of credentials acquired through other breaches and attempts to sign in to website or app accounts and steal sensitive data. Some of the impacted LastPass users, however, reported that they were using a unique password as their mater key on the platform. Therefore, it is possible that other malware was involved in the operation, such as the Redline Stealer malware that targets username and password data stored in browsers like Chrome, Edge, and Opera. Security researcher Bob Diachenko was reportedly able to confirm that there were LastPass master passwords in extensive log files related to Redline Stealer.