It looks like LastPass is facing a security issue as a dangerous zero-day bug has been found, which can apparently completely compromise user accounts according to reports this week. Right now, millions of users trust LastPass as a safe tool to store and generate secure passwords, but password vaults could apparently be compromised quite easily.
According to a report from The Register, while little is known publicly about the bug, it would grant attackers with complete access to user accounts. The bug was discovered by Tavis Ormandy, who has previously uncovered major security issues with several anti-virus programs.
Ormandy took to Twitter to say: “Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap”, he later followed that up by confirming that he has reported the issue to LastPass and that it did pave the way for total remote compromise of accounts. The security team is working on a fix as we speak, so if you use LastPass, check for an update.
So far, we haven't heard of any attacks stemming from this bug prior to its fix and from the sounds of it, a fix should be here today, so it is unlikely that this will end up causing any major issues.
KitGuru Says: Millions of people use LastPass so a bug like this could have been dangerous for a lot of people. However, LastPass seems to be on the case already, so the fix should arrive before anyone is adversely affected.
From my understanding about this Bug, as long as you use 2FA your account still cant be compromised. (Unless they have access to your 2FA)