by paradox242
1244 days ago
This was also the final straw for our organization; we have initiated a company-wide reset of any credentials stored in their service (thanks, LastPass) and are definitely not going to be renewing. The frequency of recent breaches, and especially the opaque manner in which they have been handled, have destroyed any credibility they may have once had with regard to being trustworthy enough to store important secrets.

That reads like you're resetting credentials and then putting the new credentials back in LastPass, and then possibly maybe moving away from LastPass at some point in the future.
Given how little LastPass has disclosed, and the negligence we already know about, we should not only assume we're breached, but we should also assume LastPass is still storing critical data in cleartext, they don't have a "zero knowledge architecture", and their systems are still vulnerable to intrusion and exfiltration.