Unique and secure passwords are difficult to remember, so some consumers turn to password managers to store their passwords in an online vault. In December of 2022, the password manager LastPass disclosed that attackers stole encrypted user vaults. Because of the encryption, unless the attackers figure out a specific user’s LastPass password, it’s practically impossible for them to figure out that user’s other passwords. Even so, the article’s author argues, LastPass’s response was lacking; LastPass told users about the attack a month after it happened, and even then, it was buried in other, less important announcements. While it’s unrealistic to expect any service to be vulnerability-free, companies that mishandle security breach disclosure should be subject to increased scrutiny.
