That's quite possible, for sure. I am not beyond/above/below being phished like anyone else, ha!
The issue -- what makes it perplexing -- is that I haven't used this LastPass password since 2017. I know because this LastPass account was only used to share passwords within an org that I left back then.
Is it possible that I was phished 4 years ago, and they sat on the password? Sure.
But 2 other people in this thread being phished from the same exact same phishing server/group?
Or we were separately phished using different techniques, and now one Brazil server attempted to use all of our logins?
You don't necessarily know they sat on it. You only just got a notification of the failed login now.
That doesn't mean they didn't try stuffing it elsewhere previously, or have login attempts you weren't notified of.
Nor do you know if the entity responsible for the failed login is the one who originally captured the credentials.
If you'll forgive the wild speculation, your credentials could have been sold recently and the new owners are less picky about alerting victims to the breach.
It could be that a bunch of credentials were captured for a specific purpose. Perhaps it was a targetted attack aiming for a specific victim, you and others here were collateral damage, and now the attacker is selling the assets.
I also generally am more suspicious of the idea that they sat on the credentials for years. Although that is not impossible.
One disproving fact (of sitting on the password for years) is that a few people here in this thread confirm having a login attempt from the exact same ip range, but with an account that was created this year -- in one case, in November 2021:
Couldn't it just be that someone got a copy of the password some years ago and now sold the list of credentials to someone else, who then tried to use it? Maybe the original owner of the list didn't realize some of the credentials was for LastPass, for example.
I'm still seeing hackers trying to log on using passwords I haven't used in ~10 years, because it's on a list somewhere.
So LastPass (their extension) may have been hacked ~5 years ago ish, a few people here on the thread were all hacked in the same way, our passwords were sold off, and now the same Brazil IP range just tried all of those passwords.
I've been trying to ask this to people posting reports, and although there are many "older" accounts (like mine, circa 2017 or older), at least 2 reports are from accounts created this year:
That's quite possible, for sure. I am not beyond/above/below being phished like anyone else, ha!
The issue -- what makes it perplexing -- is that I haven't used this LastPass password since 2017. I know because this LastPass account was only used to share passwords within an org that I left back then.
Is it possible that I was phished 4 years ago, and they sat on the password? Sure.
But 2 other people in this thread being phished from the same exact same phishing server/group?
Or we were separately phished using different techniques, and now one Brazil server attempted to use all of our logins?
That's what's rather strange.