Skip to Content
Security & privacy

Bug in a popular password manager may have exposed millions of logins

Well, this isn’t good. You’ve learned to create more difficult passwords, you have different passwords for all your online accounts — you even use a password manager program.

Now you find out that your password manager could have exposed your login credentials. There’s nothing more frustrating than following the rules only to still have hackers get their paws on your passwords.

A bug was indeed found on a popular password manager program that could have been catastrophic. We’ll tell you which program was affected, what happened and how you can protect yourself.

Millions could have had passwords exposed

A security vulnerability on the password manager program LastPass briefly left about 16 million users at risk of having their credentials compromised. The bug was discovered by Google Project Zero.

The bug could have revealed credentials entered on a previously visited site using either the Chrome or Opera browsers. There are no reports that any data was breached.

LastPass purged the bug and updated its program as soon as the Google Project Zero team alerted them to the finding. LastPass said that although the bug was limited to Chrome and Opera browsers, the update has been deployed to all browsers.

Related: Watch out for a big increase in malware that steals your passwords

Google Project Zero’s report showed that under a limited set of circumstances on the affected browsers an attacker could have created a clickjacking scenario. Even better, to exploit the bug a hacker would have to do a lot of work.

A bad actor would only be able to exploit the vulnerability by getting a LastPass user to fill a password with the LastPass icon. The user would then have to visit a compromised or malicious site where they would be tricked into clicking on the site several times.

If all that happened, only the last site credentials filled by LastPass would be exposed. It seems like a lot of effort for such a small payoff.

Keep using password manager programs

Malware can affect any program, so don’t let this incident put you off from using password managers. These programs are still the best way to protect your passwords for sensitive sites.

Also, you’re more likely to create more difficult passwords if there’s a safe place to store them. In fact, it’s more likely you’ll be hacked by using the same passwords or easy to crack passwords on websites than a password manager program being hacked.

Even if you already use a password manager, here are more safety tips:

  • Make sure to enable multi-factor authentication for all of your accounts, including your password manager.
  • Never reuse your master password on your password manager program and never disclose the master password to anyone.
  • Use different, unique passwords for every online account.
  • Keep your computer safe by updating your operating system, keeping software up-to-date and running antivirus programs with the latest detection patterns.

Related: This is how your stolen data may be used after a breach

As always, has tips to protect you from any kind of data breach. Here are steps you can take to protect yourself:

  • Get into a routine of changing your online account passwords every three months. That means something new and different for each account because if one gets breached, that compromises so much more if you’re using the same password.
  • Be on the lookout for phishing scams. Hackers will create emails pretending to be the affected company in hopes of getting you to click on malicious links. If the email provides a link back to the company, don’t click on it. Type the company’s actual URL on your browser to avoid a spoofed site.
  • Frequently check your bank statements for signs of suspicious activity. If you see anything strange, report it immediately.
  • If you see suspicious activity on your credit cards, call your credit card company and put a freeze on your accounts as soon as possible.
  • Install strong security software not just on your PC but also on your smartphones.

If they haven’t already, hackers eventually will get some of your information because they’re always cooking up new schemes. But you can minimize the damage if you take proper action.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me