LastPass bug potentially exposes online security of millions

ByCraig Haley

Password managers – those programs that many use to store their passwords for their many various online accounts – should, for obvious reasons, be pretty secure from a security standpoint.

They are, after all, the gateway to all your password and username combinations.

However a security researcher has found some “obvious critical problems” with one such popular password manager, LastPass. According to Google’s Project Zero researcher Travis Ormandy, LastPass has some serious issues that could potentially let hackers execute their own malicious instructions on a computer with LastPass installed.

This type of vulnerability is known as RCE – or remote code execution, and it’s one of the more serious types of vulnerability a piece of software can have, simply because it lets anyone run almost any type of their own code they want to on your machine, resulting in serious problems.


Sponsored Content. Continued below...




If someone visits a malicious website designed to exploit this vulnerability, they could potentially allow malware onto their computer with no warning, and the criminals can steal those precious passwords.

So, it’s a serious problem.

The good news is that it appears that Travis may have been the first person to discover the bugs in LastPass, so before you rush to uninstall the program, know that there is no evidence that this is being actively exploited by the bad guys, and LastPass (with Google) are quickly working on a fix.

So if you use LastPass, as soon as that update is ready to install, grab it with both hands.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)