news.volyx.in

LastPass notifies users of yet another data breach (9to5mac.com)

526 points by mooreds · 17 days ago · 238 comments on HN

Article summary

LastPass has notified its users of a data breach that occurred through one of its outside partners, Klue, a market research firm. The breach resulted in the exposure of customer information, including names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data. LastPass claims that its password vaults were not affected. The company is recommending that customers remain vigilant of potential phishing attacks or social engineering attempts leveraging the compromised information.

Main themes

  • Data Breach
  • Password Security
  • Third-Party Risk
  • Customer Data Protection
  • Cybersecurity

What commenters say

  • The breach highlights the risks of relying on third-party services and the importance of prioritizing security over sales and profits.
  • Using a password manager can be a tradeoff between individual account risk and systemic risk, and some argue that the benefits outweigh the risks.
  • Some commenters believe that online password managers are inherently less secure than offline solutions and that companies like LastPass are prioritizing profits over customer security.
  • Others argue that password managers can provide additional security benefits, such as protection against phishing, and that the risk of a breach can be mitigated with proper security measures.
  • There is a need for greater accountability and consequences for companies that experience data breaches, including personal liability for executives.
  • The use of cloud-based password managers is a convenient solution for many users, but it also creates a single point of failure and a high-value target for hackers.
  • Some commenters suggest that a hardware-based password manager, similar to a bitcoin hardware wallet, could provide an additional layer of security and protection for users.
  • The frequency and severity of data breaches at companies like LastPass have led some to question whether they can be trusted to protect customer data.