Perhaps this will help? When you go to that hostname, it's one of the best phishing sites I've ever seen. When I tried to visit again just now, it just says "something went wrong" on the first site and "Access denied" on the second site. I saved the sites to disk as I went, but I doubt these dumps will tell you much. Just in case though: 1. Long story short: It sounds like all of you got phished. I suspect you installed a malicious app that somehow targeted your web browser's LastPass extension, modifying it to send your master password to these fine people.
Hey, That's quite possible, for sure. The issue -- what makes it perplexing -- is that I haven't used this LastPass password since I know because this LastPass account was only used to share passwords within an org that I left back then. Is it possible that I was phished 4 years ago, and they sat on the password? Or we were separately phished using different techniques, and now one Brazil server attempted to use all of our logins?
That's what's rather strange. Yeah, that's not impossible. Surprising that they sat on the passwords for so long, but this is quite possible. Nexxxeh 17 days ago:
You don't necessarily know they sat on it. You only just got a notification of the failed login now. That doesn't mean they didn't try stuffing it elsewhere previously, or have login attempts you weren't notified of. Nor do you know if the entity responsible for the failed login is the one who originally captured the credentials.
If you'll forgive the wild speculation, your credentials could have been sold recently and the new owners are less picky about alerting victims to the breach. It could be that a bunch of credentials were captured for a specific purpose.
Perhaps it was a targeted attack aiming for a specific victim, you and others here were collateral damage, and now the attacker is selling the assets. Yeah, totally agreed and all great points.
I also generally am more suspicious of the idea that they sat on the credentials for years. Although that is not impossible. Couldn't it just be that someone got a copy of the password some years ago and now sold the list of credentials to someone else, who then tried to use it?
Maybe the original owner of the list didn't realize some of the credentials was for LastPass, for example. I agree, that could make sense. Perhaps you can ask the other victims when did they register their accounts to see if that's true?
This seems likely. I feel like this sounds more like a zero-day exploit being used to target the LastPass login servers. Fnoord 17 days ago: Great post, seriously. How many extensions are you using again? The only ones I have that match up there are EditThisCookie and uBlock Origin. EditThisCookie was last updated November 22, , so it doesn't seem likely from that.
But, it certainly wasn't from Spectrum (my ISP), but they designed the page to make it look like it was. I agree that it could be totally unrelated to the root mystery though. But "everyone here fell for malware or got phished" seems like the most likely explanation, even if my answer happens to be otherwise incorrect. I just tried logging into my LastPass (not used for a while) and I entered the password wrongly (I capitalised one letter) and got an email "Someone just used your master password to try to log in to your account from a device or location we didn't recognize."
It gave the IP as Islington which is kind of correct. I think that password case is a separate issue. If I remember correctly, many online services do "secretly" accept mixed cases for the same password because users make more mistakes than they realize and it would be "annoying" to be too strict. If you didn't receive a "Someone just used" email with an IP that's completely geographically off from where you are that's a good sign, of course.
I tried pushing back on just such a request once, pointing out it made one of the password "security" requirements pointless (use mixed case letters). All I could do at the time was internally shake my head. If the messaging is the same regardless of whether the right password is used then that changes everything!
When a wrong password is used, no email is sent out from my multiple experiments today. I'm happy to be proven wrong, but I think that what's happening with tim is that master passwords may be all lower cased for example before being hashed. Or maybe the password is hashed twice with the first letter upper and lower cased. I don't think that's the case. I went back and looked at the auth logs and there are many "failed logins" and one "Login verification email sent", which is the only one I got an email for.
I am having the same issue!!! One of my important passwords was leaked and in free use by a bunch of people who were all accessing my evernote account thankfully it had nothing important in it. I've been on a spree to change my passwords since then.
I have been wondering - is this because of the following lastpass bug? Just happened to me one hour ago and got scared shitless. Edit 1 Following IP addresses are reported in the thread so far: One other thing to note is that by default lastpass allows reverting to your previous password for 30?
To be safe you would probably want to disable that then change your password again. Just don't lose your new password as you then can't revert. I last changed my master password in , and it gave me the option to revert to previous password. So it's not just a 30 day thing. That is concerning and directly contradicts the docs: "You can revert to your previous master password only if the change had taken place within the last 30 days.
You received a "Someone just used your master password to try to log in to your account from a device or location we didn't recognize" email? Did we all (that's 8 of us now in the thread) get compromised a few years ago using the LastPass extension?
Edit: since you're tracking IPs found in this thread thanks! You also have 1 ip duplicated You can also add I haven't rotated my password in a while. Could you link me to more info about the LastPass compromise that you mentioned? That's so extremely bad and really cannot be a coincidence at this point. We were all owned in the same way years ago? So they had waited all these years, before they act on those Password?
Seems like there should be some other explanation. Nyr 17 days ago: All of this IP space is cybercrime-related. Whoever is using it is up to no good. The rest is owned and announced by ColoCrossing which could be considered a legit ISP by some metrics, but also has an extensive history of hosting lots of shady stuff.
Or is there something that makes it less secure than other apps? Perhaps because it has cloud backups? Also if they really did get exploited, no idea what it means for their MFA solution. When you do authy or google auth it will generate a new set of keys for you and shutdown any old ones associated with the lastpass stuff thus making the old keys useless.
Also obviously he should change his master password to a new one. The codes in Lastpass Authenticator are optional and can be bypassed. It's not secure at all. How so? Are you saying that if I sign up for example to Dropbox and use Lastpass Authenticator for the 2FA, there is a way for me to log into Dropbox without retrieving the code from LastPass Authenticator?
How would that work? This is my worst nightmare and I wonder what the order of operations is in terms of downloading and unlocking a vault. Can't use the same PIN as a hacker would just add myhackurl.
I think you'd also run into issues with password length as a lot of sites still have a restriction. I like the idea though and maybe a different implementation could work. I mean a PIN that's not stored in the vault or auto-filled. It would be something extra that you add manually after the password manager fills in the password So the password manager would put in 'password' and I'd manually type '' to make it 'password'.
That would not have stopped the vulnerability 'LastPass bug leaks credentials from previous site' (see Zdnet article posted elsewhere) though that's not a common vulnerability in software. IsThisYou 17 days ago: Isn't that what 2FA is for? An additional "PIN" that changes every couple of seconds.
Also, do not store your 2FA reset codes in the same account as your passwords. Hey, could you please confirm whether you have uBlock origin installed in the following thread? Just deleted my last pass account! Dma54rhs 17 days ago:
Mine was from India, master password definitely unique and very strong. I'm still hoping for some bug that mass alerted every day login attempts instead of actually gaining access. Also, incorrect login attempts i. We need to find a common thread.
Same IP range for me. How is this possible???? Maybe it's just a bug. Cu3PO42 17 days ago: I have a LastPass account also not used for some time and have not received this email.
How old approximately was your account? I used my master password the last time in That seems improbable? That's really so strange. It's beginning to look like this is a LastPass issue, no..?
LastPass was my first thought, but I couldn't find anyone else having the same issue and decided it couldn't possibly be them. Now I'm not sure! I've emailed you a list of the extensions I use in Chrome - if you want to share publicly any that we have in common I'm okay with that.
Hey, thanks -- just replied to your email. Since I haven't used this LastPass master password since , I'd have to remember which extensions I had back then, which is hard to do But it's hard to say. It's a possible vector that you, dogman and I had the same compromised extensions but also Did all of you use the same OS four years ago?
Windows perhaps? A malicious extension probably wouldn't be able to affect your LastPass extension, but a malicious malware app could easily modify it. I definitely could have been phished then, or used a compromised extension. AdmiralAsshat 17 days ago:
How'd they get past the 2FA, though? LP shoots an email as soon as someone attempts to login with the correct password from a new IP. Once the IP is approved (you have to follow a link from the email), then you login again with the correct password and then get the 2FA prompt. What prompted the move to 1password?
Curious as I am deciding myself which service to use. I was so pissed at LastPass when the Firefox extension stopped working when Firefox Quantum was released, they didn't have an ETA for fixing it, their support is completely crap. I gave up on LastPass with 9 months left on my subscription and moved to 1Password. It's more expensive, but it's sooooo much better and polished. What browser extensions do you have installed?
I don't remember which extensions I had in , unfortunately That's a different IP range, but the fact that it's all happening at once i. Or I am drawing a random line through a cloud of dots..? That IP is not from Brazil. It revert-resolves to keznews. I feel this is like a Reddit detective moment. Almost everyone here is going to have uBlock Origin installed. Yeah I agree. And a few users who were compromised confirmed not having uBlock. So yeah. False trail. Are we sure that same email isn't sent out if someone tries to log into your account with the wrong password?
No email is sent when an attempt was made to login with the wrong password. Hi I need some help. I should also mention that it's not just paranoia. I've had hackers clean out my bank account before because I used a weak password on PayPal and it was linked to my bank account.
Also had my identity stolen. The hackers started opening credit accounts in my name, like 10 or 15 of them. They even walked into the Macy's store in New York City with a fake drivers license in my name to open a credit line. That was madness trying to fix all that. Another word of advice, lock your credit. You probably only need your credit unlocked infrequently like when buying a house, which doesn't happen often and you can unfreeze it when needed.
It makes a huge difference, with a locked credit the hackers can't do anything, and it would be really hard for them to answer all the security questions to try to impersonate you. Safety first. If you happen to save your passwords in Chrome it also checks to see if they are compromised if you go to the settings page for it. It was in your original post. Guess I have to change my password, lol. You'd have to be a fool to enter your password into any site, no matter the claim.
LOL gee, thanks for letting me know. Wait a second. I think I checked that 'haveIbeenpwned' site a while back and some accounts I no longer use were breached. But for peace of mind I changed my e-mail address password for something with lots of special characters and capital letters, wrote it down on a piece of paper and stored it with other important documents of mine.
I had been using the same password for almost everything for years, really bad practice. Pretty sure it always says it was leaked. Because if it wasn't before, it is now.
Password Hackers December 05, By Admin. Online Password Hacker Website Password Hacker or Cracker refers to the individual who attempts to crack the secret word, phrase, or string of characters used to gain access to secured data.
How To Crack and Hack Passwords? Here are a few ways by which hackers cull out their required information: 1. Keylogger This simple software records the key sequence and strokes of the keyboard into a log file on the computer and then passes it on to the password hacker. Fake WAP The hacker makes use of software to dupe a wireless access point and once inside the network the hacker accesses all the required data.
Phishing The most used hacking technique is Phishing which enables a hacker to replicate the most accessed sites and tricks the victim by sending that spoofed link. Free Password Hacking and Cracking Tools Over the years, password hacking which is also known as password cracking has evolved tremendously.
How to Defend against Password Hacking?