Writing more about #LastPassBreach feels like beating a dead horse. But I had a look at the official statement again and it is highly misleading. I felt the need to provide some context that #LastPass is willingly omitting.

“Again, it seems that LastPass attempts to minimize the risk of litigation (hence alerting businesses) while also trying to prevent a public outcry (so not notifying the general public). Priorities…”

https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/

What’s in a PR statement: LastPass breach explained

The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.

Almost Secure

@WPalant this is an excellent analysis!

I'd like to add that their wording around "Secure Notes" created a huge amount of confusion, where many of us assumed what LastPass was doing was less secure than what they were actually doing.

It's really a terrible, terrible example of breach communication.