LastPass Bug Almost Left Usernames and Passwords Exposed

Last week, security researchers from Google uncovered a bug that would have made LastPass vulnerable by directing users to a

A bug found on popular password manager service LastPass would have allowed hackers to view usernames and passwords for websites that had previously been visited by LastPass users.

The bug was discovered last week and has, thankfully, been fixed. There were also no reports of the bug being exploited by nefarious hackers. However, it is recommended that users update their LastPass apps and browser extensions to avoid falling foul of the issue.

Should you be worried about password managers failing to securely manage your passwords? Our verdict is no – but read on to learn why.

See our guide to the Best Password Managers 2019

LastPass Bug – Everything You Need to Know

The bug in question was discovered last week by a Google researcher working for its crack Project Zero team. The Project Zero group aims to find and help fix so-called “zero-day” vulnerabilities. These are basically the “unknown unknowns” in the world of cyber security.

This LastPass bug was particularly dangerous because all the attacker had to do was lure an unsuspecting user onto a website loaded with a few lines of javascript code. If, for example, a user clicked on a sketchy link in an email that led to an infected page, then they would be completely powerless to stop the bug.

Fortunately, however, the bug has been fixed by LastPass’ dev team. If your LastPass apps and extensions are set to auto-update, then you should be protected.

However, it’s worth double-checking, just to be sure.

Should You Stop Using LastPass?

Absolutely not – you’re perfectly fine to carry on using LastPass now that a fix has been issued by the developers.

However, it’s worth bearing in mind that software services are always liable to have some security issues. Fortunately, though, many companies (including LastPass) are quick to issue updates to squash any bugs that they encounter. Sadly, there are companies which don’t rectify issues as quickly as they should.

Again, we’d reiterate that no LastPass users have been affected by this bug. With LastPass, the speed of their update shows that you should be in good hands for the foreseeable future.

Read more of the latest tech news on

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Tom Fogden is a writer for with a range of experience in the world of tech publishing. Tom covers everything from cybersecurity, to social media, website builders, and point of sale software when he's not reviewing the latest phones.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals