LastPass has taken measures to mitigate a phishing attack described this weekend at ShmooCon that put at risk users credentials and information stored by the password manager. A researcher demonstrated an attack where he was able to recreate a LastPass login page, pixel-for-pixel as he said. The company has made email verification a default requirement when accounts are being accessed from new locations or devices. LastPass said it is rethinking its reliance on the browser viewport for notifications and is working on options to bypass it.
Source: https://threatpost.com/lastpass-mitigates-newly-disclosed-phishing-attack/115911/