Last month, Project Zero, Google's security and bug-hunting team, discovered a bug in LastPass that exposed credentials entered on a previously visited site.
LastPass released a fix for this bug, and users have been advised to update.
Believed to be the most popular password manager app today, LastPass fixed the reported issue on September 12. It is critical that LastPass users either enable auto-updates or perform a manual update as soon as possible.
Beyond the general importance of regular updates, this update matters even more because details of the bug have been released, including the steps necessary to reproduce it.
Because this vulnerability was discovered and privately reported by Google, there is no reason to believe that the bug has been exploited.
The effectiveness of LastPass at keeping passwords safe was proven this summer when the company couldn't answer legal demands from the US Drug Enforcement Administration. The company was told to hand over information such as passwords and home address, but could not comply because the data was encrypted and could not be accessed.