It’s been more than a year and a half since LastPass suffered consecutive high-profile attacks, and the company now says it separated from its parent company, GoTo.
GoTo announced that it would spin off LastPass as its own company in December 2021, six years after purchasing the company. Now, the password vault company will operate under an equity holding company called LMI Parent.
In September 2023, security researchers said that multiple clues pointed to this hack being used to steal more than $35 million from the crypto wallets of more than 150 victims. One such clue was that each of these customers apparently stored their “seed phrase” – a digital key needed to access cryptocurrency investments – in LastPass.
And in January, LastPass began enforcing a 12-character minimum for master passwords for new and existing customers during resets. This is considered the industry minimum for decent security, and although LastPass already defaulted to 12 characters, it allowed customers to set shorter passwords anyway, which, among other issues, security experts widely criticized following its double breaches.
The company appears to be trying to show that it is reformed. It said it established a “dedicated threat intelligence team” last year, and its recently hired executives include a former McAfee vice president.
But it’s still under the same CEO, Karim Toubba, who ran the company when it revealed the truth about the 2022 breach in pieces over several months. It may have a lot of work to do if it wants people to trust it again.