Major Exploit Fixed in LastPass

Oliver Bradshaw | Last Updated:

Technical VPN Analyst

It has been revealed that over the past few weeks, LastPass’s password storing service had a rather critical exploit which enabled user credentials to be exposed.

With more than 16 million users, this presents a rather daunting issue where LastPass could have leaked or lost millions of user passwords and log-in details. Without a doubt, this becomes increasingly problematic, seeing as LastPass is perceived as one of the safest and most reliable services for the general public to store their passwords and sensitive data.

How The Exploit Was Found

Back in August, Google’s Project Zero team member, Tavis Ormandy first spotted the exploit inside LastPass. The Project Zero project is a task force set up by Google to find exploits and issues with applications that could allow hackers and malicious parties access to sensitive data and programs.

Fast forward to today, and LastPass has made it known that they have been notified by Project Zero and have since patched the exploit — although the exploit seems to have remained open and accessible for more than two weeks.

How the Exploit Worked

The exploit was limited to Chrome and Opera browsers, where a user would have to be making use of the LastPass browser extension. As a user inputted their password into fake or deceptive websites, the site would then be given access to a user’s LastPass, which revealed passwords and other details that were used previously on a website.

Once the exploit was spotted, Project Zero made it clear that LastPass was informed immediately.

The Latest LastPass Update

LastPass has now released v4.33.0 of their browser extension, which has been automatically rolled out to all users. As expected, no manual adjustments or updates are required as Google, and Opera’s browsers will run the update and install the latest version of the application on their own.

Safely Storing Passwords

As is clear from LastPass’s exploit, there are still security risks with using password storage services, even reputable ones. We suggest taking an in-depth look into your password managers or making use of on-device encrypted solutions like Apple’s Keychain, rather than entirely cloud-based systems.

There are also services provided by VPN services such as NordVPN which should also be considered. The NordPass service by NordVPN is one of their upcoming services and features state of the art encryption and security protocols that keep device passwords and sensitive data as safe as possible.

PRIVACY ALERT: Websites you visit can see your current IP Address:

  • Your IP Address: 144.202.52.81
  • Your Location: Elk Grove Village, US
  • Your Internet Provider: The Constant Company

* Scammers, Governments, and Advertisers can use this information to track and target you.

Our recommended vpn service provider for general all-round internet security and online privacy is ExpressVPN. It offers an excellent selection of online security and internet privacy features, excellent speed, and the ability to unblock your favorite streaming services (Netflix, Hulu, Amazon Prime, BBC iPlayer).

Visit ExpresssVPN

Categories: News