Skip to main content

LastPass Vulnerability May Have Exposed Passwords On Certain Browsers

By April 7, 2017May 25th, 2021Cybersecurity

Tavis Ormandy is either the first, or the last person on the planet you ever want to get an email from, depending on your point of view. As Google’s best, most prolific bug-hunter, he’s constantly on the prowl for security flaws that could be exploited by hackers that could put your data at risk. Recently, he found a pair of big ones.

LastPass is one of a number of companies that offer a password vault service. The idea is that because people have so many passwords, it’s hard to remember which one goes where.

The password vault means that you don’t have to. You store each of your passwords in one secure location. Then, they’re recalled from the vault automatically, when and as needed.
That’s great in theory, and most digital security professionals recommend their use, but they do come with one glaring weakness.

Your password vault is only as secure as the company protecting it. If there are any bugs or flaws in the vault’s design, then any password you put into it is at risk if the hackers breach the vault. Since people tend to store all their passwords in the same vault, they essentially have the “all your eggs in one basket” problem.

Unfortunately, in recent months, there have been a whole string of vulnerabilities found in LastPass’ system. This has led to disgruntled users venting their frustrations on Twitter, wondering just how seriously the company takes digital security.

Just this past week, Ormandy himself identified two potentially devastating security flaws, one impacting people who use the Google Chrome web browser, and another that impacted FireFox users. In both cases, within hours of sending his report, the company responded and closed the security gaps that were discovered. However, the recent spike in discovered flaws is certainly disturbing to those who rely on the service to safeguard their passwords.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.