The LastPass password management app confirmed an extensive operation to attempt to access subscriber data, stating however that no data was stolen. According to initial surveys, dozens of users have received emails warning of an attempt to access unauthorized accounts, promptly blocked. To link the activities, a series of Brazilian internet addresses, from which the operations would start. LastPass has reviewed recent reports of blocked login attempts and we believe the activity is related to a credential stuffing attempt. At present, we have no indication that account access has been successful or that the service has been compromised by an unauthorized party. ‘
What is LatPass.
The application is used to protect the passwords of each user, through a single master key, called “master password”. The attack is coming through the technique of “filling the credentials”, which uses an automated software capable, in a few seconds, of trying millions of combinations between username and secret keys, hoping to reach the correct mix to access the profiles.
Expert advice.
Names and passwords come from other breaches on the net, which people often don’t even know they are the victim of. This is why experts always advise not to use the same combination for multiple sites and apps.