PSA: Update your LastPass extensions NOW!

Latest bug in LastPass leaks sensitive data!

Here is an important post folks.  Sam Jacobs sent over a note reminding me that there is a very serious security flaw in certain versions of LastPass.  I will get right to it – Upgrade any LastPass extensions you have in Chrome or Opera to protect yourself.

The bug which was fixed in version 4.33.0 and released on September 12th apparently leaks credential information to malicious websites for legit websites you may have visited prior and no user interaction is necessary to exploit this weakness except visiting the devious site.

For the majority of LastPass users, the extensions should auto update but it is worth the extra few minutes to verify that you are indeed running the patched version since nobody wants to leak their passwords to the internet.

In Chrome, you can right click on the LastPass extension menu:

image

Click Manage Extensions

From here, you can verify that you are running version 4.33.0 (or higher) and if not, manually update the extension.

image

You can read about this exploit in more detail here on LastPass’ own blog.

While no piece of software is impervious to bugs, I was glad to see LastPass address this so quickly.  It is super important to use a password manager (and 2 factor Authentication) whenever possible.  Having unique passwords for EVERY site will be the best defense for leaked information on the internet.  At least, when/if it happens, the exposure is limited.  Most people get really hammered when they use the same credential combinations across multiple sites.  When one is compromised, they all are. 🙁

If you are still reading this and haven’t signed up for LastPass yet, You can use my referral link here.

Be safe out there!
Carlo

TAGS