According to one Google engineer, Tavis Ormandy, Lastpass has several obvious problems. The technical details are probably above my pay grade, but this sounds pretty serious. Here is his tweet:
Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I’ll send a report asap.
— Tavis Ormandy (@taviso) July 26, 2016
No word yet on what the vulnerability is, but every Lastpass user should stay tuned. I use Lastpass and trust it, but I don’t use it for any banking sites, and I don’t keep any notes in LP that I couldn’t afford to lose. I always obscure any passwords that I write in my notes and I would advise others to do the same.