(ANSA) – MILAN, DEC 29 – The LastPass password management app has confirmed an extensive operation to attempt to access subscriber data. The application is used as a safe to protect the passwords of each user, through a single master key, called “master password”. And this is exactly what hackers are aiming for, through the “credential filling” technique, which uses automated software capable, in a few seconds, of trying millions of combinations between username and secret keys, hoping to reach the correct mix to access the profiles. Names and passwords come from other breaches on the net, which people often don’t even know they are the victim of. For this reason, experts always advise not to use the same combination for multiple sites and apps. According to initial surveys, dozens of users have received email alerts of an attempt to access unauthorized accounts, promptly blocked. To link the activities, a series of Brazilian internet addresses, from which the operations would start. In the last few hours, LastPass has reassured subscribers to the service, stating that no data has been stolen. “LastPass has reviewed recent reports of blocked login attempts and we believe the activity is related to a credential stuffing attempt. At this time, we have no indication that the account login was successful or that the service was compromise by an unauthorized party “. Meanwhile, reports are increasing both on the Hacker News forum and with various posts on Twitter. (HANDLE).
Source From: Ansa