Tech.co logo

LastPass Bug Almost Left Usernames and Passwords Exposed

September 16, 2019

12:20 pm

A bug found on popular password manager service LastPass would have allowed hackers to view usernames and passwords for websites that had previously been visited by LastPass users.

The bug was discovered last week and has, thankfully, been fixed. There were also no reports of the bug being exploited by nefarious hackers. However, it is recommended that users update their LastPass apps and browser extensions to avoid falling foul of the issue.

Should you be worried about password managers failing to securely manage your passwords? Our verdict is no – but read on to learn why.

See our guide to the Best Password Managers 2019

LastPass Bug – Everything You Need to Know

The bug in question was discovered last week by a Google researcher working for its crack Project Zero team. The Project Zero group aims to find and help fix so-called “zero-day” vulnerabilities. These are basically the “unknown unknowns” in the world of cyber security.

This LastPass bug was particularly dangerous because all the attacker had to do was lure an unsuspecting user onto a website loaded with a few lines of javascript code. If, for example, a user clicked on a sketchy link in an email that led to an infected page, then they would be completely powerless to stop the bug.

Fortunately, however, the bug has been fixed by LastPass' dev team. If your LastPass apps and extensions are set to auto-update, then you should be protected.

However, it's worth double-checking, just to be sure.

Should You Stop Using LastPass?

Absolutely not – you're perfectly fine to carry on using LastPass now that a fix has been issued by the developers.

However, it's worth bearing in mind that software services are always liable to have some security issues. Fortunately, though, many companies (including LastPass) are quick to issue updates to squash any bugs that they encounter. Sadly, there are companies which don't rectify issues as quickly as they should.

Again, we'd reiterate that no LastPass users have been affected by this bug. With LastPass, the speed of their update shows that you should be in good hands for the foreseeable future.

Read more of the latest tech news on Tech.co

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Tom Fogden is a writer for Tech.co with a range of experience in the world of tech publishing. Tom covers everything from cybersecurity, to social media and website builders when he's not reviewing the latest phones, gadgets, or occasionally even technology books.