Google Researcher Uncovers LastPass Credential Leak

Must Read

Coronavirus Update: The United States and The United Kingdom

July 13, 2020: The United States hits a total of 3.3 million cases that will make 29% of the global case in the United States. Florida...

15,000+ cases in Florida break the national record of a single day spike

July 13, 2020: A total of 15,300 cases reported on Sunday in Florida state. The highest among any other state recorded in the past...

50 Best Jobs working from home: the pandemic solution

Flexjobs announced the top 100 list of companies offering work from home for the seventh time and the best 50 companies chosen...

LastPass, one of the most popular password management solutions has allegedly exposed the credentials of the service’s more than 16 million users, including 58,000 businesses. The information came into light through a tweet from Security researchers at Google’s Project Zero team, which read,

“lastpass: bypassing do_popupregister() leaks credentials from previous site bugs.chromium.org

According to experts, “by embedding a website with malicious code, a hacker could trick Lastpass into divulging the password of previously visited websites.” Although the bug has been reportedly patched, it is important to note that 58,000 businesses currently rely on the company’s service.

Tavis Ormandy, a vulnerability researcher at Google, rated the severity of the bug as ‘high’ due to the fact that an exploit could have been leveraged by simply directing a user to a specific web page via disguised malicious links in Google pop-ups. In relation to the development, Ferenc Kun, LastPass’s security engineering manager added,

“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times.”

According to White Hat hacker, John Opdenakker, the biggest culprit behind security breaches is often the fact that either one’s password is too weak and/or that a password has been used repeatedly across multiple accounts.

there’s absolutely no reason to stop using LastPass or your preferred password manager for that matter. “Although password managers like any other software have flaws the benefits of using one far outweigh the risks,” says ethical hacker John Opdenakker. “It’s far more likely that your accounts will get compromised by attacks that exploit poor passwords,” Opdenakker says, “such as through credential reuse, than by attacks against password managers themselves.”

As of now, LastPass has patched the vulnerability and has been verified with Project Zero. As per the original sources, the fix was rolled out on 13th of September, and Kun confirmed that “we have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.”

- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

Coronavirus Update: The United States and The United Kingdom

July 13, 2020: The United States hits a total of 3.3 million cases that will make 29% of the global case in the United States. Florida...

15,000+ cases in Florida break the national record of a single day spike

July 13, 2020: A total of 15,300 cases reported on Sunday in Florida state. The highest among any other state recorded in the past...

50 Best Jobs working from home: the pandemic solution

Flexjobs announced the top 100 list of companies offering work from home for the seventh time and the best 50 companies chosen...

Is Mentor or Mentoring team a need for your career growth?

We would often see in the corporate world, the employee continuously mentored outperform and out-earn from the other employees...

Sony invests $250 million in Epic Games

July 10, 2020: Which company do you think will have a huge impact on the entertainment industry? Not Netflix or Amazon...
- Advertisement -

More Articles Like This

- Advertisement -

Join Us

Advertise with us

Receive the latest news

Contact Us

Receive the latest news

Request for online magazine