The News: A LastPass security bug fix has been released, and users of the popular password manager should update now. The LastPass security bug was discovered and reported by Project Zero’s Tavis Ormandy, part of Google’s elite security and bug-hunting team. The LastPass security bug could possibly have revealed credentials entered by users on sites previously visited. To be safe, users should make sure they have installed and are running the most current version of the LastPass password manager. Read more at ZDNet.
LastPass Security Bug Fix Released
Analyst Take: Security breaches, or vulnerabilities, are discovered on a daily basis. The good news about the LastPass vulnerability is that it was a bug that LastPass reported fixed on September 12th and, more importantly, there is no evidence of or reason to fear the bug was discovered and exploited in the wild.
According to the company, the bug discovered by Project Zero could potentially be used to lure a user into filling a password via LastPass, then take them to a compromised site and trick them into an action that would reveal credentials from the site previously visited.
It’s important to note that this bug was limited to Google’s Chrome and Microsoft’s Opera browsers, but that the fix developed by LastPass was sent to all browsers.
Next Steps for LastPass Users
While the company pushed an update live to all browsers on Friday of last week, it makes sense to be cautious. If you’re a LastPass user, it would be a good idea to not rely on auto updates to your browser extensions, but instead to check that you are running version 4.33.0, which is the update issued on September 12, 2019.
Beyond this bug discovery, this is a good reminder for all that security breaches are an omnipresent threat to businesses of all sizes. Using a password manager should be SOP for all businesses today. A password manager, for business or for personal use, combined with multifactor authentication on top of it, is one of the safest routes to keeping your data, business and personal, protected.
The second most important thing you can do as it relates to security breaches: regular and ongoing employee security awareness training.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.