“the priority of sales and profits has resulted in the sacrifice of the main quality measure of their main and only product”

What do you mean exactly here? What do you think LastPass could have done to prevent this specific issue?

Did they need to give them all of this?

customer names, phone numbers, email addresses, physical addresses, support case data, sales-related data.

Generally yes, if you want to use a Customer Relationship Management system like Salesforce. Customer names, contact information, and info about what they bought from you is table stakes data for CRM, is it not?

Bitwarden doesn't redirect you to a third party if you visit their support page:

https://bitwarden.com/help/

But LastPass does (Salesforce CNAME):

https://support.lastpass.com/s/?language=en_US

So this couldn't have happened to Bitwarden; you own the reputation loss if any of your suppliers get owned. Though it really doesn't matter anymore for LastPass: they leaked their customers' vaults before, and I have no idea how they can still be in business.

Not supply the information to any other company.

Not installing the infected package, of course.

It's worth noting that this is not 'their marketing provider'; what they do is load 30 different providers, for some reason, to maximize the reach of their data sharing and advertising network. Well, their network reached too far and touched an infected node.

You have no idea what Klue is.

> the priority of sales and profits has resulted in the sacrifice of the main quality measure of their […] product

To be fair, and I don’t want to, supposedly the only thing that was compromised was contact info. No vaults were exfiltrated or unlocked (as far as the article info goes).

So this is really just another very boring info breach, not a targeted password-stealing hack.

The other breaches they suffered were worse.
