Security Expert Warns About LastPass and Its Seven Trackers, Recommends Against It

A security researcher has recommended against the use of LastPass password manager after finding seven trackers in it.


LastPass Has Seven Trackers

According to a report by The Verge, the trackers in the LastPass password manager app were found by security researcher Mike Kuketz, who said that although there was no indication that the trackers transferred any of the users' personal details, like their names and passwords, their existence is a "bad practice" for apps that handle sensitive information.

The Register, which was the first to report the news, said that Kuketz was able to spot the trackers through an analysis provided by Exodus.

Exodus describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."

Based on the report, the seven trackers found in the Android password manager app include four trackers from Google, which are used for analytics and crash reports, while the other three are from MixPanel, AppsFlyer, and Segment.

Integration of Code Could Lead to Security Flaws

It seems that the trackers are used to help profile users of the LastPass app for customized adverts based on their activities online, a common practice these days.

Through the Exodus report, Kuketz analyzed the seven trackers and found that the data involved included the smartphone's make and model, as well as whether the device has biometric security enabled.

Nevertheless, there is no proof that the trackers provide anything that could identify LastPass users.

But according to the cybersecurity researcher, the integration of third-party code is dangerous in itself, as it has the potential to introduce security vulnerabilities that could be used to gather the sensitive information users are trying to protect.

Furthermore, it seems like the app developers themselves are not aware of the type of data collected and transmitted to these third-party providers, as noted by Kuketz.

"If you actually use LastPass, I recommend changing the password manager," Kuketz wrote, as per The Verge. "There are solutions that do not permanently send data to third parties and record user behavior."

More Trackers Than Its Competitors

LastPass is not the only password manager that includes a tracker, but based on the report, it has more trackers than its popular competitors on the market, such as the free password manager app Bitwarden, which has only two, and 1Password, which has none.

Meanwhile, Dashlane and RoboForm, which are also alternatives to LastPass, have four trackers.

LastPass has both free and premium tiers, and many of its users are currently on the free version. The company has been in the headlines lately because it decided to limit the functionality of its free tier, leaving many of its users disappointed.

For example, users should be able to store an unlimited number of passwords across their devices on the app, but if the changes come into full effect on Mar. 16, they will have to choose one category of devices, either "Mobile" or "Computer", on which to view and manage their passwords, unless they want to pay for the full service.

This article is owned by Tech Times

Written by: Nhx Tingson
