Passwords are the first and last line of defense against getting hacked, which is why users are strongly advised to use strong and different passwords for each service. Keeping track of those, however, is more than our little brains can handle, which is why password managing services have thrived. But what if those services themselves become vulnerable? That was the situation LastPass found itself in when its web extensions were discovered to be exploitable and can be used to trick users into giving away their passwords. The good news is that LastPass has already addressed those issues, but should still serve as a warning to everyone.