Personal cyber security is more important now than ever. A lot of people use a password manager to make it easier to maintain strong, unique passwords across different sites. Unfortunately, putting all of that information in one place also has its downsides. This month, LastPass received a security update after a password-revealing bug was discovered.
Tavis Ormandy, a prominent security researcher on Google’s Project Zero team, reported a security flaw to LastPass a short while ago. Exploiting the bug would have required a series of actions, including filling a password on a website using the LastPass icon and then visiting a malicious website and being tricked into clicking on the page several times. Through this method, the malicious site would have been able to steal the credentials used on the previous site you visited.
The good news here is that the issue has been patched automatically across all browser versions, even though this bug only affected Chrome and Opera versions of the extension. The other piece of good news is that so far, there is no evidence that this bug was actually exploited, so LastPass users should still be safe.
Password managers are a convenient way to ensure unique passwords and keep track of them, but unfortunately they aren’t always flawless. Setting up two-factor authentication and other protections is still recommended, as no one should be relying on just one layer of security.
KitGuru Says: I use LastPass myself and while I haven’t had any issues, it is always a little worrying to hear about flaws in password managers. Fortunately, in this case, it looks like the problem was resolved quickly before it could cause any widespread damage.