An anonymous reader writes: Security researcher Sean Cassidy has developed a fairly trivial attack on the LastPass password management service that allows attackers an easy method for collecting the victim’s master password. He developed a tool called LostPass that automates phishing attacks against LastPass, and even allows attackers to collect password vaults from the LastPass API. Read more of this story at Slashdot.
Originally posted here:
LastPass Vulnerable To Extremely Simple Phishing Attack
