A security researcher has developed a phishing attack that tricks users of the online password manager LastPass into forfeiting their email addresses, master passwords, and two-factor authentication codes. Sean Cassidy, CTO of Praesidio Inc., presented on his so-called LostPass attack at the ShmooCon 2016 conference. LastPass has confirmed that the attack is not a vulnerability in the password manager, but has released an update that will prevent a user from being logged out by the phishing tool.”]
Source: https://grahamcluley.com/lostpass-attack-phish-lastpass-users-emails-passwords-2fa-codes/