LastPass Updates Security After Vulnerability Was Exposed By A Researcher

30 March 2017, 12:23 am EDT By Des Luna Tech Times
What is worse than a forgotten password? A stolen one.

Password manager LastPass is in hot water this week as security flaws were discovered in its web browser extension. On March 26, Google security researcher Tavis Ormandy exposed a client-side vulnerability in LastPass that he found in Google Chrome. LastPass acknowledged the problem and vowed to address it.

Cybersecurity has been a hot topic this March. On a major scale, WikiLeaks leaked documents on CIA spying. To a lesser degree, Google Allo was found to reveal your recent browsing history.

A 'Unique And Highly Sophisticated' Attack

Google Project Zero security researcher Tavis Ormandy revealed via Twitter the client-side vulnerability he discovered in a LastPass browser extension and sent the company a report. As per Project Zero's policy, LastPass now has 90 days to fix the issue before Google discloses the vulnerability details. LastPass immediately sprang into action to address this security flaw.

LastPass acknowledged the breach and called it a "unique and highly sophisticated" attack. As a matter of protocol and for security purposes, the company did not reveal the details of the attack.

"We don't want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties," wrote LastPass in its official blog.

LastPass also disclosed that a "more detailed post mortem" report will be published once the problem is resolved.

This isn't the first time that a LastPass vulnerability was exposed by Ormandy. Earlier this March, Ormandy reported two separate flaws in LastPass' browser add-on. This third vulnerability might take a while to fix, according to Ormandy, who called it a "major architectural problem."

How To Protect LastPass Account

LastPass acknowledged Ormandy's efforts in helping the company "raise the bar for online security" and vowed to work to become the most secure password manager on the market. As a precaution, it shared tips on how users can protect their accounts from this type of security breach.

One suggestion LastPass shared is using the LastPass Vault as a launch pad for password-protected sites. According to LastPass, this is the safest way for users to access their credentials until the vulnerability is resolved.

Another is two-factor authentication. LastPass suggested that users enable it on their accounts "whenever possible," as most websites already offer this option.

Lastly, the company warned against phishing attacks, cautioning users not to click on suspicious links and advising them to read its phishing primer.

© 2017 Tech Times, All rights reserved. Do not reproduce without permission.
