LastPass Vulnerable To Extremely Simple Phishing Attack

An anonymous reader writes: Security researcher Sean Cassidy has developed a fairly trivial attack on the LastPass password management service that allows attackers an easy method for collecting the victim's master password. He developed a tool called LostPass that automates phishing attacks against LastPass, and even allows attackers to collect password vaults from the LastPass API.

Re:after reading the details, this is significant

Sure, understood, but that makes is a design issue with LastPass, especially seeing as how Chrome has by far more users than Firefox.

Anyone stupid enough to use Chrome deserves to be a victim.