Industry Updates

LastPass User Credentials May Have Been Exposed To Hackers

Do you use the password manager LastPass?  If so, you’re certainly not alone.  In recent years it has seen its popularity surge and has grown to become the most popular app of its type on the web.  Unfortunately, last month, Tavis Ormandy (part of Google’s Project Zero team) discovered a critical flaw in the app’s design that allowed some user data to be compromised.

Having said that, there are a couple of important caveats:

First, the bug only appears for Chrome and Opera browser extensions.  Second, the only credentials revealed are the ones for the last site you visited, so this bug does not expose all the passwords that LastPass saves and manages for you.

Even so, it’s a critical bug and the company moved swiftly to patch the issue.  If you download the latest build as soon as you finish reading this article, you won’t have any issues.

It should also be noted that since Google found and reported the issue, and since LastPass moved so quickly to resolve it, there’s no indication that this issue was exploited by hackers in the wild.  Even so, it doesn’t pay to take chances, so if you’re a LastPass user and it’s been a while since you updated, the time to do so is now while it’s still fresh in your mind.

The worst thing you could do would be to abandon the password gate because of a bug that has already been fixed.  Unfortunately, this isn’t the first, and won’t be the last issue of this type to impact LastPass and other password protection services.  Even though that’s true, you’re much more secure using them than not.  If you’re not currently using LastPass or some other password manager, you should strongly consider doing so.  It’s a simple way to take your online security to the next level.