LastPass Should Apologize

If you haven’t heard, LastPass, which provides password management, experienced a data breach in August 2022. Every user’s unencrypted data, such as website URLs, and encrypted data, such as website usernames and passwords, were stolen.

LastPass used its blog to keep its users informed. You can tell by the language that the company has been trying to downplay the incident, and it never apologizes. For example: “If you use the default (password) settings above, it would take millions of years to guess your master password using generally available password-cracking technology.”

Still, that’s not very reassuring. The whole point of using a program like LastPass was to have all your passwords secured in one location. Now all those individual passwords will need to be changed. That’s a significant inconvenience.

In addition, users are likely concerned about hackers accessing their accounts, and rightly so. Yet the closest thing to an apology LastPass offered was, “We recognize that security incidents of any sort are unsettling but want to assure you that your personal data and passwords are safe in our care.”

Even worse, the company shifted the blame to customers who don’t follow best practices for creating passwords.

By appearing unconcerned and unapologetic, LastPass will not only damage its reputation and credibility but also lose current customers and be unable to acquire new ones.