Et tu, LastPass? The popular password manager LastPass released an update last week fixing a security flaw that exposed credentials entered on previously visited websites.
The bug was discovered last month by Project Zero, on August 29th. Project Zero is a white hat hacking team at Google who look for security flaws in consumer products. Recently the team made major flaws in iOS public.
“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times,” Ferenc Kun, the security engineering manager for LastPass, wrote in a statement.
The issue was apparently specific to Chrome and Opera (Opera is a Chromium-based browser). LastPass said it has deployed the security update to all browsers as a precaution.
While LastPass has had more than a few security bugs in the past, LastPass and other password managers are good for security. The reality is that the alternative of storing all your password data in a browser is a terrible idea. While I have used LastPass for many years, I no longer recommend it to others. Privacytools.io has some recommendations for more secure password managers.