
Bug in a popular password manager may have exposed millions of logins


Well, this isn't good. You've learned to create more difficult passwords, you have different passwords for all your online accounts — you even use a password manager program.

Now you find out that your password manager could have exposed your login credentials. There's nothing more frustrating than following the rules only to still have hackers get their paws on your passwords.

A bug that could have been catastrophic was indeed found in a popular password manager program. We'll tell you which program was affected, what happened and how you can protect yourself.

Millions could have had passwords exposed

A security vulnerability in the password manager program LastPass briefly left about 16 million users at risk of having their credentials compromised. The bug was discovered by Google Project Zero.

The bug could have revealed credentials entered on a previously visited site using either the Chrome or Opera browsers. There are no reports that any data was breached.

LastPass purged the bug and updated its program as soon as the Google Project Zero team alerted them to the finding. LastPass said that although the bug was limited to Chrome and Opera browsers, the update has been deployed to all browsers.

 


 

Google Project Zero's report showed that, under a limited set of circumstances on the affected browsers, an attacker could have created a clickjacking scenario. Even better, to exploit the bug a hacker would have to do a lot of work.

A bad actor would only be able to exploit the vulnerability by getting a LastPass user to fill a password with the LastPass icon. The user would then have to visit a compromised or malicious site where they would be tricked into clicking on the site several times.

If all that happened, only the last site credentials filled by LastPass would be exposed. It seems like a lot of effort for such a small payoff.

Keep using password manager programs

Malware can affect any program, so don't let this incident put you off from using password managers. These programs are still the best way to protect your passwords for sensitive sites.

Also, you're more likely to create more difficult passwords if there's a safe place to store them. In fact, you're more likely to be hacked because you use the same passwords or easy-to-crack passwords on websites than because a password manager program is hacked.


Even if you already use a password manager, here are more safety tips:

  • Make sure to enable multi-factor authentication for all of your accounts, including your password manager.
  • Never reuse your master password on your password manager program and never disclose the master password to anyone.
  • Use different, unique passwords for every online account.
  • Keep your computer safe by updating your operating system, keeping software up-to-date and running antivirus programs with the latest detection patterns.

 


 

As always, Komando.com has tips to protect you from any kind of data breach. Here are steps you can take to protect yourself:

  • Get into a routine of changing your online account passwords every three months. That means something new and different for each account because if one gets breached, that compromises so much more if you're using the same password.
  • Be on the lookout for phishing scams. Hackers will create emails pretending to be the affected company in hopes of getting you to click on malicious links. If the email provides a link back to the company, don't click on it. Type the company's actual URL in your browser to avoid a spoofed site.
  • Frequently check your bank statements for signs of suspicious activity. If you see anything strange, report it immediately.
  • If you see suspicious activity on your credit cards, call your credit card company and put a freeze on your accounts as soon as possible.
  • Install strong security software not just on your PC but also on your smartphones.

If they haven't already, hackers eventually will get some of your information because they're always cooking up new schemes. But you can minimize the damage if you take proper action.

Create easy-to-remember yet super-tough passwords

In the wake of password exposures and account hacks, I cannot emphasize enough the importance of basic safety measures. Having a secure program to guard your personal information doesn't do you much good when your password is "12345."

