A recent corporate ownership takeover was brought up a lot, ownership has changed hands again, but improvements within Lastpass were few and far between before that. Other outlets covered the story and made it even more outrageous. You can’t keep bad news out of Google with a noindex tag. LastPass allegedly tried to hide their company updates about the breached password vaults with noindex tags. We have taken issue in the past with antivirus and VPN companies have sold their users data to marketing companies, and we feel that Lastpass You can look at Wordfence’s recent example of making threat data public to see a good example of community. Security Companies and products should feel a greater sense of accountability to the public.
Normally there are emails from Lastpass warning about minor security issues, but I don’t recall seeing an email from them warning me that this happened. Not disclosing that this happened was surprising to say the least. Having a server breached and password vaults taken, that’s a bit worse, especially for a security company it shows a lack of expertise and ignoring threats. The employee may or may not have been targeted for the vault. Their employee had their home broken into, I feel bad for them on a personal level, and I understand that these things happen. We experienced it first hand and changed hundreds of passwords (just in case). If you were impacted by the Lastpass breach because we recommended it, we apologize for your inconvenience. The response to the security breach is what is the cause of this change in recommendation. A product we have recommended to our clients for over ten years has experienced a major slip up recently, and compounded their security missteps with a ham handed attempt to cover up what they had done to their user’s security.