Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There was also the XSS flaw in Feb last year that allowed an attacker to retrieve your email address, your password reminder, the list of sites you log into and the history of your logins, including which sites you logged into, the time and dates you logged into them, and the IP addresses you logged in from.

https://grepular.com/LastPass_Vulnerability_Exposes_Account_...

Their reaction to this flaw was exemplary though, and LastPass is a lot more secure now because of it.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: