techno.rentetan.com – Data theft was said to have occurred, although the password manager’s maker claims otherwise. Was there a breach at LastPass?
There have been reports of emails being sent to users of a well-known password manager informing them of unusual login attempts using their master password. A data breach at LastPass may have revealed login credentials, leading some users to believe that they had not shared their password with any other platform. This led to widespread skepticism about the company’s involvement in the nefarious conduct.
Hacker News was the first to break the story, and it quickly traveled to Twitter.
Security experts have long warned that popular password managers like LastPass and iCloud Keychain include severe security flaws that might lead to hacking attacks in theory. In fact, these problems have plagued LastPass for some time. In extreme circumstances, like Passwordstate this summer, the consequences of security flaws may be catastrophic.
There’s a strong belief that the corporation botched up in this specific issue, when users’ master passwords were hacked (master PWs are needed to login to the manager and hence access the remainder of a user’s passwords).
How true are the allegations made against LastPass? If you ask LastPass, the response is: We don’t believe it. According to the company’s answer to Gizmodo when we inquired about what was going on, “credential stuffing” was the culprit.
For the past few days, LastPass has been investigating reports of blocked login attempts and we believe the activity is related to attempted “credential stuffing,” in which a malicious or bad actor attempts to access user accounts (such as LastPass) using email addresses and passwords obtained from third-party breaches of unaffiliated services.
This claims that they haven’t found any proof of genuine hacking on its systems, or even that any accounts have been compromised:
At this time, we have no evidence that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party, which is crucial to keep in mind going forward. As long as this sort of behavior is detected, we’ll take the necessary actions to keep LastPass, its users, and the data they save safe.
Since the corporation denies any indication of user data leakage or of a hacker gaining access to customers’ accounts, we can only trust the company’s word. LastPass users who aren’t getting any comfort from this may consider activating two-step verification for their account. No matter what, MFA is a smart idea since it provides an additional layer of security in the event of credential-stuffing and other similar assaults..