LastPass says 12-hour outage caused by bad Chrome extension update
LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension.
Starting at around 1 PM ET yesterday, LastPass users were suddenly unable to access their password vaults or log into their accounts, instead seeing "404 Not Found" errors, which typically indicate a page does not exist.
The impact did not go unnoticed, with LastPass customers venting their frustration on Reddit and Twitter about the outage and their inability to retrieve their saved credentials and log in to sites.
"Even their offline login doesn't work. I'm shifting my family over to 1Password," a person on Reddit wrote.
"I can't believe they don't have contingencies in their infrastructure. I am essentially locked out of all the websites I use until they fix this," said another user.
At approximately 8 PM ET, LastPass said they resolved the issue, stating that a bad update to the Chrome extension put too much stress on their servers.
"Our engineers have identified that an update to our chrome browser extension earlier today inadvertently caused load issues on our backend infrastructure," reads the LastPass status page.
"We are working hard to address the issue and are actively working towards a resolution."
Throughout Friday, LastPass continued to post status updates stating that performance was stable and operational.
However, users continued to complain into today that since they installed the June 6th update, they have been unable to log in to LastPass, or that certain features did not work, indicating that the outage lasted longer than initially stated.
"Won't work in Chrome since the last update. I can access my vault, but cannot launch any of the sites I have in it. Clicking the "Launch" button does nothing!!," reads a review on the Chrome web store.
It is unclear what changes were made to the Chrome extension, but for it to affect the company's online services, the extension was likely creating too many requests, essentially DDoSing the platform.
BleepingComputer contacted LastPass to learn more about what happened but received no response before publishing.
source: BleepingComputer