Mathias Karlsson, an IT security researcher recently breached the security of popular password managers LastPass and reported the issue to the firm. He explained that an attacker could send a specially-crafted URL to the victim in order to steal passwords from his/her vault.
What Is LastPass ?
LastPass is a password manager that also available as a browser extension that automatically fills credentials for you. It helps you set one master password to lock all other passwords of your different online accounts. So all you need to remember that master password and other things are made easier.
As soon as Karlsson reported the issue LastPass has fixed the flaw immediately and paid him a sum of $1000. It all happened when Karlsson noticed LastPass has added HTML code on their website and upon further research he found out a serious bug allowing him to extract passwords stored in the autofill feature.
I, too, have hacked LastPass 🙂 https://t.co/YeIzTHASou cc @taviso
— Mathias Karlsson (@avlidienbrunn) July 27, 2016
The Second Hack From Another Person :
Google Project Zero Hacker Tavis Ormandy discovered a critical zero-day flaw in LastPass that could allow any remote attacker to compromise your account completely.
Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I’ll send a report asap.
— Tavis Ormandy (@taviso) July 26, 2016
Once compromise a user’s LastPass account, hackers would be able to access all the other saved passwords by the user giving them access to several online accounts.
So generally it is advised that everybody should never use the same password for other accounts and also using 2 two factor authentication would help you secure your acccount more. And the most important this is always use strong passwords and not small or weak ones.
