![]() This is just about the worst possible security incident imaginable for a password manager like LastPass - nearly all data in the company’s possession has been copied. ![]() ![]() ![]() For example, if someone has a password for Bank of America’s website, they might have an account there, and would be an excellent target for phishing emails that look like account alerts from the bank. Someone with the leaked data would be able to see all the websites that were associated with passwords, then use that for more targeted phishing. Names and billing addresses can be used in more attacks, and the website addresses for stored passwords were not encrypted. LastPass just disclosed the full scope of the attack, following an “ongoing investigation.” The hacker was able to access a cloud storage environment using data from the August security breach, which included “basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.” Credit card information was apparently not accessed.Įven without the master password, the leaked data could be damaging for some LastPass users. Later in December, LastPass confirmed a hacker was able to use that data to “gain access to certain elements of our customers’ information.” The company didn’t clarify what “certain elements” meant, until now. LastPass suffered a security breach back in August, when a hacker gained access to development environments and was able to steal source code and other proprietary information. Now the company has confirmed the last one was really bad. LastPass literally lying and withholding info about the breach.LastPass used to be one of the best password managers, but more recently, its reputation has taken a hit from multiple security breaches. Billing continuing after the service is shut off. Entire databases leaked with unencrypted fields enabling profiles to be created about your browsing activity. Accounts deleted, but not really deleted. Nothing about this major security incident seems trivial to me. People really, really are trying their damnedest to channel their inner Karen and find the most trivial things to get worked up over and throw a shitfit. Is this really that difficult? Would you be okay with your cable provider billing you after they disconnected your service? When you delete your account, you expect it to, well, delete your account! So: stop billing you, remove your Email address/personal info from their system, and for gosh sake stop billing you for an account that no longer exists. You are actually correct! A "reset my account" feature where you start fresh, but with the same Email address/payment info, is a great feature.īut, and this is a really big but, that feature is not called "delete my account". I actually consider being able to nuke your vaults while maintaining your subscription balance to be feature, so YMMV. At the very least, this seems very misleading for anyone who thinks LastPass is deleting their credit card information and email address when you delete your account. I haven't tried calling to request deletion. That page has zero info on deleting your account or payment information. If you go to My Account, then click Update Payment Method, you'll notice something interesting. ![]() This means they don't actually delete your email address or account information at all. If you delete your LastPass account and create a new account (using the same email address), any remaining LastPass Premium subscription time associated with that email address will automatically carry over to your newly recreated LastPass account.This means that even after you delete your account, they still keep your payment information! Next: If you want to cancel your subscription and no longer be billed, please see How do I cancel automatic renewal for LastPass Premium? Deleting your LastPass account does not cancel your subscription.I was pretty horrified to read a few things on the LastPass page explaining to how to delete your account. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |