LastPass, the popular password manager app, has come under scrutiny again. Exodus, a German security firm, carried out a thorough investigation and found a vulnerability in the app.
After examining how the freemium password manager works, the security firm claimed that LastPass collects and sends subscribers' personal information via its Android app. It does so with the help of seven built-in trackers.
As per the firm’s report, the built-in trackers collect data including device information, the type of LastPass account, the mobile operator, and the Google ad ID, which is used to connect user data across other apps and platforms. Of the seven trackers, four are for Google Analytics and crash reports. The remaining three send information to AppsFlyer (a mobile marketing analytics and attribution platform), MixPanel (a business analytics service company), and Segment, which specialises in targeting ads.
While LastPass says that the built-in trackers don’t share sensitive user information and are rather meant to improve user experience, one shouldn’t forget the serious flaw that nearly exposed the credentials of millions of subscribers in 2019. The dangerous bug allowed potential hackers to steal passwords from previously viewed websites. While LastPass managed to fix the issue in a short time, researchers noted that a few password managers that have been widely used for years have serious flaws, not all of which have been fixed yet.
Security researchers no doubt believe that password managers save your passwords in a secure vault. But an invasion of privacy, even if it is via a built-in tracker, poses a serious security threat for users. If you don’t want such trackers on your device, you can disable them by heading to the Privacy sub-menu (in the LastPass app) and turning them off. And if you still want to head down the rocky road, here are a few tips that you should consider to protect your crucial data.
Tips to secure your personal data from intruders, malicious hackers
- If you prefer using a password manager, it is always recommended to pick those password managers that secure your data both on your device and the cloud with the ‘toughest form of encryption.’
- Ensure that the master password in the password manager is strong. It is better to use facial or fingerprint authentication to unlock the password manager’s mobile app.
- Another way to secure your personal data is the use of two-factor authentication. While many of us find it cumbersome to take that extra step, two-factor authentication provides an added layer of protection in case someone gets hold of your password.
- Many mobile apps can easily harvest sensitive information even if you don’t grant them permission to access your data. To keep your personal data from being stolen, it is advised not to store confidential documents or emails on your phone.
- Creating unique passwords can be a headache, especially if you have multiple accounts across platforms. But using simple passwords (like a birthday) that can be easily sniffed out by hackers is a terrible idea. If you can’t think of strong passwords for your accounts, there are a host of secure password generators online that can do the job for you.
- Always make sure that the data on your phone is backed up. That way you will be able to recover critical information if your data is wiped by a malware attack or if you accidentally wipe it.
- Last but not least, only give apps permission to access the data that is necessary for them to function. It is advised to keep track of which permissions you give to installed apps and to revoke permissions that are not needed. Scrutinizing your app permissions now and then will make you aware of what apps are doing with your data and will likely save it from getting exploited.