Our initial findings led us to believe that these alerts were triggered in response to attempted “credential stuffing” activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services. We recently investigated reports of an uptick of users receiving blocked access emails, normally sent to users who log in from different devices and locations.
As part of our commitment to security, we regularly monitor our services for actual, suspected, or attempted malicious or unusual activity.
0 kommentar(er)
