On Saturday, March 25th, security researcher Tavis Ormandy from Google’s Project Zero reported a security finding related to the LastPass browser extensions. In the last 24 hours, we’ve released an update which we believe fixes the reported vulnerability in all browsers and have verified this with Tavis himself.
I was a LastPass user for years and then they were hacked. I spent a week changing passwords and fully divesting of the LastPass ecosystem and it took a year before I had the courage to try out an alternative provider. LastPass lost my business and now they’ve been hacked again. When a password manager is hacked, that should be 1-strike you’re out. No one should store their data with LastPass ever again.