Can the service restore users trust by starting from scratch?
After a series of hacks that occurred more than a year and a half ago, LastPass, a company specializing in password management, announced its separation from its parent company GoTo. The decision to spin off LastPass as a separate company was made back in December 2021, six years after the purchase of GoTo. LastPass will now operate under the management of the joint-stock holding company LMI Parent.
LastPass's problems began in late 2022, when hackers were found to have stolen the source code in August of that year. In November, the company reported that attackers gained access to "certain elements" of customer information, but assured that user passwords remained safe. Despite this, the hackers were able to copy a backup copy of the password vault, as well as capture the encryption keys, at least some of them.
In September 2023, security researchers pointed out several indications that this hack was used to steal more than $ 35 million from the cryptocurrency wallets of more than 150 victims. In particular, the stolen " seed phrases — - digital keys needed to access investments in cryptocurrencies-were precisely stored in LastPass.
In January, the company began requiring new and existing customers who reset passwords to set a master password of at least 12 characters. This is considered an industry minimum for providing decent security. Previously, LastPass offered 12 characters by default, but allowed shorter passwords.
In response to criticism and attempts to restore trust, LastPass announced the creation of a "specialized threat intelligence group" last year. New executives have recently been invited to join the team, including a former McAfee vice president.
However, the company is still run by Karim Tubba, who was at the helm at the time of the 2022 hack disclosure. It seems that LastPass has a lot of work to do to earn the trust of users again.
After a series of hacks that occurred more than a year and a half ago, LastPass, a company specializing in password management, announced its separation from its parent company GoTo. The decision to spin off LastPass as a separate company was made back in December 2021, six years after the purchase of GoTo. LastPass will now operate under the management of the joint-stock holding company LMI Parent.
LastPass's problems began in late 2022, when hackers were found to have stolen the source code in August of that year. In November, the company reported that attackers gained access to "certain elements" of customer information, but assured that user passwords remained safe. Despite this, the hackers were able to copy a backup copy of the password vault, as well as capture the encryption keys, at least some of them.
In September 2023, security researchers pointed out several indications that this hack was used to steal more than $ 35 million from the cryptocurrency wallets of more than 150 victims. In particular, the stolen " seed phrases — - digital keys needed to access investments in cryptocurrencies-were precisely stored in LastPass.
In January, the company began requiring new and existing customers who reset passwords to set a master password of at least 12 characters. This is considered an industry minimum for providing decent security. Previously, LastPass offered 12 characters by default, but allowed shorter passwords.
In response to criticism and attempts to restore trust, LastPass announced the creation of a "specialized threat intelligence group" last year. New executives have recently been invited to join the team, including a former McAfee vice president.
However, the company is still run by Karim Tubba, who was at the helm at the time of the 2022 hack disclosure. It seems that LastPass has a lot of work to do to earn the trust of users again.
