Global PC Makers Eye Chinese Memory Chip Suppliers Amid Ongoing Supply Crunch 
Instagram Outage Disrupts Thousands of U.S. Users 
Oracle Plans $45–$50 Billion Funding Push in 2026 to Expand Cloud and AI Infrastructure 
Sony Q3 Profit Jumps on Gaming and Image Sensors, Full-Year Outlook Raised 
SpaceX Updates Starlink Privacy Policy to Allow AI Training as xAI Merger Talks and IPO Loom 
Sam Altman Reaffirms OpenAI’s Long-Term Commitment to NVIDIA Amid Chip Report 
Nvidia CEO Jensen Huang Says AI Investment Boom Is Just Beginning as NVDA Shares Surge 
SpaceX Pushes for Early Stock Index Inclusion Ahead of Potential Record-Breaking IPO 
Alphabet’s Massive AI Spending Surge Signals Confidence in Google’s Growth Engine 
Nvidia Confirms Major OpenAI Investment Amid AI Funding Race 
Nvidia, ByteDance, and the U.S.-China AI Chip Standoff Over H200 Exports 
Nvidia Nears $20 Billion OpenAI Investment as AI Funding Race Intensifies 
Elon Musk’s Empire: SpaceX, Tesla, and xAI Merger Talks Spark Investor Debate 
Nintendo Shares Slide After Earnings Miss Raises Switch 2 Margin Concerns 
Amazon Stock Rebounds After Earnings as $200B Capex Plan Sparks AI Spending Debate 
AMD Shares Slide Despite Earnings Beat as Cautious Revenue Outlook Weighs on Stock 
Earlier this week, several people with LastPass accounts raised concerns after receiving an email warning them of blocked login attempts using their master passwords. However, the company said there was no data breach detected on its end and suggested that the suspicious activities may have resulted from credential stuffing.
One of the first reports came from Greg Sadetsky, who posted on a Hacker News forum about the incident. Sadetsky said the email from LastPass notified him that a login attempt originating from Brazil tried to gain access to his account using his master password, which was locally stored as an encrypted KeePassX file.
More people with LastPass accounts have confirmed from the same forum and on Twitter that they received the same email. Several affected users were also notified that the blocked login attempt from Brazil with the same IP address prefix. Other posts also showed that some of the attempted unauthorized access originated from other regions, including the United States and Paris.
In some cases, LastPass users said they received a second warning email shortly after updating their master password. And with multiple reports of similar suspicious activities, LastPass users are understandably concerned if this means that one of the leading password manager apps has suffered a serious data breach.
LastPass has addressed the issue, maintaining it has not detected a leak from its end. Spokesperson Meghan Larson told AppleInsider that the failed login attempts were likely a result of credential stuffing. “We do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party,” Larson said.
Credential stuffing activities primarily rely on a third-party data breach to compromise accounts on unrelated services. Attackers would gather stolen login credentials like email addresses, usernames, and passwords from a prior leak. They would then use these credentials, often by utilizing bots, to try to gain access to accounts on other services like LastPass in this case.
There are still some unanswered questions about these incidents, though, like how some users still received a warning even after changing their master password. But considering how credential stuffing activities operate, it is highly advised for LastPass users, or anyone with an online account, to always use unique and strong passwords and enable two-factor or multifactor authentication features.
Photo by Towfiqu barbhuiya on Unsplash
