Bug in a popular password manager may have exposed millions of logins

September 18, 2019

By Kim Komando

Well, this isn’t good. You’ve learned to create more difficult passwords, you have different passwords for all your online accounts — you even use a password manager program.

Now you find out that your password manager could have exposed your login credentials. There’s nothing more frustrating than following the rules only to still have hackers get their paws on your passwords.

A bug was indeed found in a popular password manager program that could have been catastrophic. We’ll tell you which program was affected, what happened and how you can protect yourself.

Millions could have had passwords exposed

A security vulnerability in the password manager program LastPass briefly left about 16 million users at risk of having their credentials compromised. The bug was discovered by Google Project Zero.

The bug could have revealed credentials entered on a previously visited site using either the Chrome or Opera browsers. There are no reports that any data was breached.

LastPass purged the bug and updated its program as soon as the Google Project Zero team alerted them to the finding. LastPass said that although the bug was limited to Chrome and Opera browsers, the update has been deployed to all browsers.

Google Project Zero’s report showed that under a limited set of circumstances on the affected browsers, an attacker could have created a clickjacking scenario. Even better, to exploit the bug a hacker would have to do a lot of work.

A bad actor would only be able to exploit the vulnerability by getting a LastPass user to fill a password with the LastPass icon. The user would then have to visit a compromised or malicious site where they would be tricked into clicking on the site several times.

If all that happened, only the last site credentials filled by LastPass would be exposed. It seems like a lot of effort for such a small payoff.

Keep using password manager programs

Malware can affect any program, so don’t let this incident put you off from using password managers. These programs are still the best way to protect your passwords for sensitive sites.

Also, you’re more likely to create more difficult passwords if there’s a safe place to store them. In fact, it’s more likely you’ll be hacked by using the same passwords or easy-to-crack passwords on websites than by a password manager program being hacked.

Even if you already use a password manager, here are more safety tips:

As always, Komando.com has tips to protect you from any kind of data breach. Here are steps you can take to protect yourself:

If they haven’t already, hackers eventually will get some of your information because they’re always cooking up new schemes. But you can minimize the damage if you take proper action.

https://www.komando.com/tips/cybersecurity/popular-password-manager-program-hacked-and-fixed-but-you-need-to-know-what-happened/