For a long time it was possible to view login details of the popular password management app LastPass by redirecting users to websites with malicious code, writes a security researcher from Google.
The researcher managed to retrieve the login details of the previous site that someone had visited.
The researcher did this by sending the user to a site with an incorrect code. The vulnerability has been fixed in the last update of the password manager.
LastPass users are advised to update the app as soon as possible if the app is not updated automatically. There is currently no evidence that a hacker has previously exploited this vulnerability.