Why you need to update LastPass password manager right now
If you use LastPass password manager, better check if the latest version - 4.33.0 - of the program is running on your machine's browser. The action is sought as an older version of the tool carries a bug capable of compromising your confidential passwords. The issue was discovered last month and fixed just recently. Here's all you need to know about it.
How LastPass could have leaked your passwords?
LastPass dominates as the finest password manager, but a few weeks back, security researcher Tavis Ormandy discovered a major security issue in the service. He found that the program's Chrome and Opera extensions had a bug that could have been exploited by a malicious site - like one masked with Google Translate - to give away the password used on a previously visited website.
Users had to click several times to fall for trap
Detailing the bug, LastPass's Security Engineering Manager, Ferenc Kun, claimed that the issue would have worked only when someone was tricked into visiting a malicious site and clicking on it 'several times'. But, the good part is, the bug was fixed before being publicly disclosed, and that there is no evidence indicating that the issue was exploited by any malicious actor in the wild.
Fix likely to be applied automatically
LastPass says that it had released a fix for the issue on September 13, which should apply automatically on all browsers, including the affected ones - Chrome and Opera. However, if you are someone who has disabled automatic extension updates on your browser, better head over into the settings of the program and update LastPass to version 4.33.0.
Still, you shouldn't ditch LastPass
All major programs, including the highly popular password managers, are susceptible to occasional bugs. The issue was fixed quickly after being discovered, and there is no risk to all the passwords you have stored in your LastPass vault. If anything, we would recommend turning two-factor authentication on so that all essential accounts never get breached, even if your password does.