LastPass Says Automated Warnings Linked to ‘Credential Stuffing’ Attack

47
LastPass Says Automated Warnings Linked to ‘Credential Stuffing’ Attack

In so-called “credential stuffing” attacks, users of the popular LastPass password manager are being targeted with email addresses and passwords obtained from third-party breaches.

LastPass has issued an official statement in response to reports that some users have received blocked access emails warnings, which are typically sent to users who log in from different devices and locations.

The email notifications raised concerns about a data breach at the LogMeIn-owned startup, which boasts more than 30 million users and 85,000 commercial customers around the world. LastPass, however, downplayed the severity of the problem in a note attributed to VP of Engineering Gabor Angyal, saying the alerts were tied to known credential-stuffing threats.

Read More: Securityweek

For more such updates follow us on Google News ITsecuritywire News