Recently, cybersecurity researcher Sean Cassidy revealed a phishing tool called LostPass that he developed to attack password manager LastPass. LostPass was even able to bypass 2-factor authentication, raising security concerns among the many loyal LastPass users.
If you are a LastPass user, don’t panic…yet. To be affected, the LastPass user had to visit a malicious website. LastPass was having a technical issue that allowed the malicious webpage to make it appear that the user had logged out, and when the user clicked on the new login button–in reality a false banner created by the attacker–it sent them to a new screen which looked identical to the LastPass login screen. They were then prompted to login using their LastPass master password, and the password was sent to the hacker’s server, providing access to all of the user’s information stored in LastPass.
Abine’s security professionals want to be sure that you stay safe online to protect yourself and your online privacy.
The bottom line from our experts: always be sure of a website where you are entering your password and login credentials. If you have any doubts, with Abine’s product Blur you can visit https://dnt.abine.com and verify that the green lock in the URL bar has the same address: https://dnt.abine.com. When logging into a new page, always be sure that the address on this green lock matches the address of the page you believe you are visiting.
Remember to keep your passwords strong and unique for each website, and use Masked Cards or Masked Emails when you aren’t sure about a website to protect your credit card information, email address and your online privacy.