The developers of LastPass, a popular password manager solution, are currently in the process of fixing a “major architectural problem”, so they advise that users avoid using its browser plugins for now.
The vulnerability can allow an attacker to steal passwords and execute code remotely. It was discovered by Tavis Ormandy, a data security researcher at Google. He has not shared the exact details of how the exploit works with the general public.
LastPass developers are already working on a fix, but do not want to share the exact details, so that wrongdoers cannot take advantage of this information while the plugin is still vulnerable. However, they have promised to share additional details once the work is done.
Furthermore, they advised their users to stay vigilant against phishing attacks, use two-step authentication, and launch LastPass directly from the vault.
Ormandy is part of Google’s Project Zero, a white-hat hacking operation that aims to discover and report the vulnerabilities of other companies’ apps. LastPass officials have publicly expressed how much they value that team’s work.
Still, even though LastPass may be having some troubles right now, most data security experts recommend the use of a password manager. Data security breaches are part of our day-to-day reality, and if you use the same passwords on different websites, you are putting yourself at risk.
With a password manager, however, you only need to remember one master password, and you can use different passwords across websites without having to remember them.