Qualcomm Nears $4 Billion Acquisition of AI Chip Startup Modular 
Today’s space race could turn fatal if we don’t agree on new rules 
Samsung Electronics Stock Surges on Report of Massive $59 Billion Share Buyback Plan 
Baseten Secures $1.5 Billion Funding at $13 Billion Valuation Amid AI Infrastructure Boom 
OpenAI May Delay IPO to 2027 Amid $1 Trillion Valuation Goal 
World Cup technology: from ref cams to AI analysts, cutting-edge research is changing the game 
Kioxia Targets U.S. Listing as AI Chip Boom Accelerates 
OpenAI IPO Delay Weighs on SoftBank Shares as AI Valuation Concerns Grow 
Meta Pauses Employee Activity Tracking Program Over Data Security Concerns 
Apple Supplier Stocks Slide as Samsung, SK Hynix Lead Selloff After Apple Price Hikes 
Alphabet Replaces Verizon in Dow Jones Industrial Average 
Cerebras Revenue Forecast Tops Expectations, but Margin Concerns Weigh on Stock 
SpaceX Eyes Starlink Mobile Phone Service to Challenge Verizon, AT&T, and T-Mobile 
Alibaba Shares Fall After Anthropic Alleges Massive AI Model Distillation Campaign 
SK Hynix Targets $29.4 Billion Nasdaq Listing to Expand AI Chip Business 
SpaceX Stock Rebounds After Sharp Selloff, But Valuation Concerns Persist 
Earlier this week, several people with LastPass accounts raised concerns after receiving an email warning them of blocked login attempts using their master passwords. However, the company said there was no data breach detected on its end and suggested that the suspicious activities may have resulted from credential stuffing.
One of the first reports came from Greg Sadetsky, who posted on a Hacker News forum about the incident. Sadetsky said the email from LastPass notified him that a login attempt originating from Brazil tried to gain access to his account using his master password, which was locally stored as an encrypted KeePassX file.
More people with LastPass accounts have confirmed from the same forum and on Twitter that they received the same email. Several affected users were also notified that the blocked login attempt from Brazil with the same IP address prefix. Other posts also showed that some of the attempted unauthorized access originated from other regions, including the United States and Paris.
In some cases, LastPass users said they received a second warning email shortly after updating their master password. And with multiple reports of similar suspicious activities, LastPass users are understandably concerned if this means that one of the leading password manager apps has suffered a serious data breach.
LastPass has addressed the issue, maintaining it has not detected a leak from its end. Spokesperson Meghan Larson told AppleInsider that the failed login attempts were likely a result of credential stuffing. “We do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party,” Larson said.
Credential stuffing activities primarily rely on a third-party data breach to compromise accounts on unrelated services. Attackers would gather stolen login credentials like email addresses, usernames, and passwords from a prior leak. They would then use these credentials, often by utilizing bots, to try to gain access to accounts on other services like LastPass in this case.
There are still some unanswered questions about these incidents, though, like how some users still received a warning even after changing their master password. But considering how credential stuffing activities operate, it is highly advised for LastPass users, or anyone with an online account, to always use unique and strong passwords and enable two-factor or multifactor authentication features.
Photo by Towfiqu barbhuiya on Unsplash
