Beware with LostPass: A tool to phish LastPass accounts.

Surprisingly it is an opensource project with 322 stars.

chrome-extension.pw is actually a domain in screen shot

GitHub link?

@CozyPlanes https://guthub.com/cxxr/lostpass

I've reported to github team. Not sure if they'll take some action.

@Maciek sorry spelling mistake. Can't edit.

@amitgupta From the repo: "I am not particularly interested in making it weaponized."

As it's a proof-of-concept, it's probably just used to make users aware that they shouldn't trust anything under the address bar.

Nothing malicious or anything like that...

@systemctl you may be right. But then a simple video demonstration can work to aware people instead of making the code publicly available.

Though, it'll not be very difficult to implement for the developers. But we still try not to make it ready to use.

It's Proof-of-concept, there's really no real use for it.

Hahahahaha

@amitgupta why would you report this? It's very much educational and interesting, little high school me would've loved it, was very interested in privacy and security breaches back in the day.

Don’t report this - the author has some very valid points.

Storing passwords is such a hassle - how do you guys cope with this? I was kinda in the lookout for a solution for a whole team

@amitgupta wtf mate ! Don't report it ! At least read first..

@Thewebdev I had taken it back a long time. Github team don't take much time to take any action (as per my experience). This post is 36d old.

If it is helpful for some developers... good. if it is not then be aware.....

@amitgupta alright ;)

@ArcaneEye for a single user this is fine - I need something for 20+ people and ideally it has some form of ACL

@ArcaneEye I could - I also like using the software that’s written by people that do password and credential storage Fulltime :D

Also if I write it, I have to maintain it for my current employer. I don’t really jive with that idea and also he wouldn’t pay me to do such things sadly