Altcoins a ‘Relatively Huge’ Risk as Big Returns Fade, Analysts Warn Investors 
Kia's Electric Pickup Spotted in US Testing, Targets Tesla Cybertruck, Ford F-150 Lightning 
Binance Pay Launches Dedicated Shiba Inu Payment Page, Boosting SHIB Use 
Whales Bag $61M Profit as RNDR Price Rallies Over 3% 
Crucial SHIB Warning Goes Out: Fake Airdrop Scams Targeting Community, Here's Reason 
Bitcoin Soars on Cooling US CPI Inflation Data, Investor Sentiment Improves 
Bitcoin Has Best Day in 2 Months as SHIB to Get More Scarce with Shibarium 
ECB Calls for Monitoring and Possible Regulation of AI in Finance 
Tether's $1B USDT Mint Boosts Bitcoin, Eyes on $70K Milestone 
Shiba Inu Rep Lucie Makes Major Bullish Statement on Shibarium Coins 
Ex-OpenAI Exec Criticizes Sam Altman's Focus on 'Shiny Products' Over AI Safety Concerns 
Binance Enhances SHIB, USTC, AGIX Trading and Liquidity for Better Market Dynamics 
Microsoft Integrates AMD AI Chips into Azure, Competing with Nvidia’s GPU Offerings 
Tesla Cybertruck to Receive Full Self-Driving V12.5 Update in June, Elon Musk Announces 
Spot Bitcoin ETF: Vanguard Might Join BlackRock in Major Market Shift 
OpenAI Strikes Deal with Reddit to Bring Content to ChatGPT, Boosting Stocks 
Vanguard’s New CEO Says Bitcoin ETF Not on the Table: Report 
Earlier this week, several people with LastPass accounts raised concerns after receiving an email warning them of blocked login attempts using their master passwords. However, the company said there was no data breach detected on its end and suggested that the suspicious activities may have resulted from credential stuffing.
One of the first reports came from Greg Sadetsky, who posted on a Hacker News forum about the incident. Sadetsky said the email from LastPass notified him that a login attempt originating from Brazil tried to gain access to his account using his master password, which was locally stored as an encrypted KeePassX file.
More people with LastPass accounts have confirmed from the same forum and on Twitter that they received the same email. Several affected users were also notified that the blocked login attempt from Brazil with the same IP address prefix. Other posts also showed that some of the attempted unauthorized access originated from other regions, including the United States and Paris.
In some cases, LastPass users said they received a second warning email shortly after updating their master password. And with multiple reports of similar suspicious activities, LastPass users are understandably concerned if this means that one of the leading password manager apps has suffered a serious data breach.
LastPass has addressed the issue, maintaining it has not detected a leak from its end. Spokesperson Meghan Larson told AppleInsider that the failed login attempts were likely a result of credential stuffing. “We do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party,” Larson said.
Credential stuffing activities primarily rely on a third-party data breach to compromise accounts on unrelated services. Attackers would gather stolen login credentials like email addresses, usernames, and passwords from a prior leak. They would then use these credentials, often by utilizing bots, to try to gain access to accounts on other services like LastPass in this case.
There are still some unanswered questions about these incidents, though, like how some users still received a warning even after changing their master password. But considering how credential stuffing activities operate, it is highly advised for LastPass users, or anyone with an online account, to always use unique and strong passwords and enable two-factor or multifactor authentication features.
Photo by Towfiqu barbhuiya on Unsplash
