LastPass Password Manager Bug Lets Hackers Steal Your Passwords

Mathias Karlsson, an IT security researcher, recently breached the security of the popular password manager LastPass and reported the issue to the firm. He explained that an attacker could send a specially crafted URL to a victim in order to steal passwords from the victim's vault.

What Is LastPass?

LastPass is a password manager that is also available as a browser extension, which automatically fills in credentials for you. It lets you set one master password to lock all the other passwords for your different online accounts. All you need to remember is that master password, and everything else is made easier.

As soon as Karlsson reported the issue, LastPass fixed the flaw immediately and paid him a sum of $1000. It all happened when Karlsson noticed that LastPass had added HTML code on their website, and upon further research he found a serious bug that allowed him to extract passwords stored in the autofill feature.

The Second Hack From Another Person:

Google Project Zero hacker Tavis Ormandy discovered a critical zero-day flaw in LastPass that could allow any remote attacker to compromise your account completely.

Once they compromise a user's LastPass account, hackers would be able to access all the other passwords saved by the user, giving them access to several online accounts.

So it is generally advised that you never use the same password for other accounts, and using two-factor authentication would help you secure your account more. Most important of all, always use strong passwords, not short or weak ones.

 
