Yesterday, security researchers pointed out a flaw in the Android version of the LastPass Authenticator app that could potentially allow hackers to gain access to an account’s 2FA codes without requiring any sort of lock, PIN, or fingerprint authentication. Today, the company issued a new blog post to alert their users that this issue has now been fixed.
LastPass says that as soon as the security researchers discovered the flaw and pointed it out, their engineers went to work to fix the problem and make sure that the app always requires a PIN or fingerprint confirmation before allowing access to two-factor authentication codes.
LastPass says it’s very unlikely that anyone was affected by the vulnerability since it still required access to the device, but if you use the LastPass authenticator to secure your accounts you should download the new update that’s available in the Google Play Store immediately.
December 28, 2017 at 12:15PM