LastPass Flaw Hands Out Passwords to Hackers
Gareth Andrews / 8 years ago
eBay, Amazon, Facebook, Twitter, Reddit. With so many accounts, it's often hard to come up with, and remember, unique passwords for every site and account we use on a regular basis. With people using more and more accounts for everything, it's hard to keep track of your passwords without making them easy to figure out and guess, something hackers rejoice in when they try to gain access to your accounts. People recommend the use of password managers, but it looks like LastPass, one of many managers, may have given away your passwords thanks to a flaw.
LastPass is a password manager, one of many systems designed to save, manage and secure your passwords, taking the task away from you and instead putting it in the hands of software. It would seem that a Google security researcher has now found a flaw in LastPass that allowed them to remotely hijack the software. The hack relies on a classic scenario: tricking users into visiting a malicious site, which would allow the attacker to exploit a flaw in the Firefox browser plugin.
LastPass are not only aware of the flaw but have patched it for their Firefox users. However, this is only one of many flaws found in the software. Other flaws have allowed people not only to bypass the software but also to capture and steal users' passwords.