Phishing attack could steal LastPass password manager details
Marlene Breverman stashed this in Hackers
Hackers can simulate a login dialogue so closely that even careful users might simply give them their username, password and even their two-factor key
"The attack relies on a user visiting a malicious website or one that has been compromised with a malicious advert or code. It will detect if the browser is using LastPass, mimic a LastPass notification, remotely log-out the user and request their password and two-factor authentication key."
Geez. We have to be VERY careful online. Always did, always will have to.