LastPass: Difference between revisions

Line 8:

|Description=LastPass is a password manager application that allows users to store passwords and notes securely using one master password.

}}

~~{{Ph~~-C-~~Int}}~~

'''LastPass''' is a password manager application that allows users to store passwords and notes securely using one master password. It was launched in 2008 and was one of the first widely adopted password managers.

In 2015 LastPass was acquired by GoTo (formerly LogMeIn Inc) for $110 million. LastPass was later spun off into it's own company being acquired by private equity firms Francisco Partners and Elliott Management in 2024.<ref>https://www.lastpass.com/company/newsroom/b948ad48-3268-4c9e-8b45-0d6d02d0b4e7</ref>

==Consumer-impact summary==

~~{{Ph-C-CIS}}~~

LastPass, being a password manager, stores and transmits highly sensitive information (passwords and secure notes). LastPass relies on it's users trusting it to safely handle this information and have it be accessible.

Use of a subscription service for more device types allows LastPass to restrict where users can view their passwords.

LastPass has suffered a number of security incidents over the years with the most severe being the 2022 data breach which saw encrypted customer passwords and secret notes get exposed.

==Incidents==

~~{{Ph-C-Inc}}~~

===Free Tier Device Type Restrictions===

~~This is a list of all consumer-protection incidents related~~ to ~~this product~~. ~~Any incidents~~ not ~~mentioned here can~~ be ~~found in the [[~~:~~Category:{{PAGENAME}}|{{PAGENAME}} category]]~~.

On February 16, 2021 LastPass changed it's free tier to restrict users to only one device type. After March 16, 2021 If a user was using LastPass on their Computer they would not be able to view their LastPass vault on mobile without paying for premium. These restrictions locked a large number of LastPass's userbase out of their passwords.<ref>https://blog.lastpass.com/posts/changes-to-lastpass-free</ref>

===~~Example incident one (''date'')~~===

===2022 Data Breach===

~~{{Main|link~~ to the ~~main CR Wiki article}}~~

In August 2022 and November 2022 LastPass suffered a data breach involving a backup copy of a customer database and customer password vaults. The attackers used a compromised developer account to access source code which contained credentials to the aforementioned backup database. The stolen data included encrypted usernames, passwords and secure notes. It was also discovered that URLs, IP Addresses, Phone Numbers and some emails were unencrypted.<ref>https://securityscorecard.com/blog/what-did-the-lastpass-breach-reveal-about-password-manager-security/</ref>

~~Short summary of the incident (could be the same as the summary preceding the article)~~.

~~===Example incident two (''date'')===~~

...

==See also==

~~{{Ph-C-SA}}~~

==References==

~~{{reflist}}~~

[[Category:{{PAGENAME}}]]

@@ Line 8: / Line 8: @@
 |Description=LastPass is a password manager application that allows users to store passwords and notes securely using one master password.
 }}
-{{Ph-C-Int}}
+'''LastPass''' is a password manager application that allows users to store passwords and notes securely using one master password. It was launched in 2008 and was one of the first widely adopted password managers.
+In 2015 LastPass was acquired by GoTo (formerly LogMeIn Inc) for $110 million. LastPass was later spun off into it's own company being acquired by private equity firms Francisco Partners and Elliott Management in 2024.<ref>https://www.lastpass.com/company/newsroom/b948ad48-3268-4c9e-8b45-0d6d02d0b4e7</ref>
 ==Consumer-impact summary==
-{{Ph-C-CIS}}
+LastPass, being a password manager, stores and transmits highly sensitive information (passwords and secure notes). LastPass relies on it's users trusting it to safely handle this information and have it be accessible.
+Use of a subscription service for more device types allows LastPass to restrict where users can view their passwords.
+LastPass has suffered a number of security incidents over the years with the most severe being the 2022 data breach which saw encrypted customer passwords and secret notes get exposed.
 ==Incidents==
-{{Ph-C-Inc}}
+===Free Tier Device Type Restrictions===
-This is a list of all consumer-protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
+On February 16, 2021 LastPass changed it's free tier to restrict users to only one device type. After March 16, 2021 If a user was using LastPass on their Computer they would not be able to view their LastPass vault on mobile without paying for premium. These restrictions locked a large number of LastPass's userbase out of their passwords.<ref>https://blog.lastpass.com/posts/changes-to-lastpass-free</ref>
-===Example incident one (''date'')===
+===2022 Data Breach===
-{{Main|link to the main CR Wiki article}}
+In August 2022 and November 2022 LastPass suffered a data breach involving a backup copy of a customer database and customer password vaults. The attackers used a compromised developer account to access source code which contained credentials to the aforementioned backup database. The stolen data included encrypted usernames, passwords and secure notes. It was also discovered that URLs, IP Addresses, Phone Numbers and some emails were unencrypted.<ref>https://securityscorecard.com/blog/what-did-the-lastpass-breach-reveal-about-password-manager-security/</ref>
-Short summary of the incident (could be the same as the summary preceding the article).
-===Example incident two (''date'')===
-...
 ==See also==
-{{Ph-C-SA}}
 ==References==
-{{reflist}}
 [[Category:{{PAGENAME}}]]