This isn’t the first time LastPass has had to fix critical security flaws. In March of this year, the company had to fix some server-side issues and update its extensions. If you use LastPass on Android now, though, you’ll want to update your app to the latest version. If your phone was stolen or lost and you need to re-enable the multi-factor authentication feature, LastPass has a list of recommended steps.
Ultimately, this exploit helped clue the company in that its response process needs an overhaul, as well. The original developer was unable to successfully notify the company about the exploit, which is why he used Medium. LastPass has since revamped its procedures for reporting issues like this. “At LastPass, investigating and responding to security reports – and customer concerns in general – is our highest priority and we strive to always improve our internal processes,” said the company in a statement.