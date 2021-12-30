L’LastPass password manager app, used as a safe to protect the passwords of each user through a single master key, called “master password”, it would have been the victim of a vast operation to try to access the data of the subscribers. According to initial findings, dozens of users would have received emails warning of an attempt to access unauthorized accounts, promptly blocked. To link the activities, a series of Brazilian internet addresses, from which the operations would start.

Meanwhile, while the reports followed one another both on the forum of Hacker News that with various posts on Twitter, LastPass reassured subscribers to the service, stating that no data was stolen. “LastPass reviewed recent reports of blocked login attempts and we believe the activity is related to a credential stuffing. At present, we have no indication that account access has been successful or that the service has been compromised by an unauthorized party. ” The assumption of the app is therefore that the emails were initiated by mistake, due to a technical problem.

Reports from multiple countries

Reports began to crop up on the Hacker News forum after a LastPass user creates a post to highlight the issue, stating that LastPass warned him of a login attempt from the Brazil using his master password. Other users quickly responded to the post, noting that they experienced something similar. As the original poster points out @technology_greg in a tweet, some were even warned of an attempt from the Brazil, while other attempts have been traced back to different countries. This, understandably, raised concerns that a breach had occurred.

The emails immediately made us think of a direct attack on “master passwords”, through the “credential filling” technique that uses automated software capable, in a few seconds, of trying millions of combinations between username and secret keys, hoping to achieve the correct mix to access the profiles. Names and passwords come from other breaches on the net, which people often don’t even know they are the victim of. For this reason, experts always advise not to use the same combination for multiple sites and apps.

The hypothesis: a simple technical error

Representatives of LastPass they explained that they immediately investigated the facts “And at the moment – they clarified – we have no indication that LastPass accounts have been compromised by an unauthorized third party because of this filling of credentials, nor have we found any indication that credentials LastPass have been collected by malware, unauthorized browser extensions or phishing campaigns “. However, the investigations continued, in an attempt to determine what caused the systems automated security alert emails to be triggered.

It emerged, as stated by the same LastPass, that some of these security advisories would have been “probably activated by mistake”. “As a result – he added -, we have adapted our safety warning systems and now this problem has been solved”. The app also reiterated that the LastPass’s zero-knowledge security model means that at no time does LastPass memorize, know or have access to the users’ main passwords. “We will continue to monitor unusual or harmful activity on a regular basis and, if necessary, we will continue to take steps to ensure that LastPass, its users and their data remain safe and secure,” the app concluded.

