Users of LastPass are vulnerable to a phishing attack that requires preventive measures. Sean Cassidy, CTO at Praesidio, a cloud cyber security startup, detected that attackers can steal a user’s password, email and two-factor authentication code, which makes all the user’s documents and passwords vulnerable. He described the vulnerability and suggested protection measures on his website. He also discussed LastPass at ShmooCon 2016, a hacker convention.
The attack, which Cassidy refers to as LostPass, relies on the fact that LastPass displays messages in the browser that an attacker can fake. The user cannot distinguish between the fake LostPass message and the real message since the fake one looks the same [...]