Everybody should be using a password manager. I just had a post the other day talking about Dashlane and a push for the enterprise business. Now it's time for LastPass to be in the news. Google security researcher Tavis Ormandy first discovered the problem. The next day Mathias Karlsson at Detectify Labs was able to hack LastPass and steal user passwords. The bug was in the password manager's Chrome extension. Typically, the extension is used to automatically fill in the user credentials. Apparently, the code can be tricked with a fake URL.
LastPass has already fixed the bug and announced further recommendations for online security. If you are a LastPass user, make sure you get the update installed as soon as possible.