Comment by psandor
7 hours ago
“ the priority of sales and profits has resulted in the sacrifice of the main quality measure of their main and only product”
What do you mean exactly here What do you think LastPass could have done to prevent this specific issue?
Did they need to give them all of this?
customer names, phone numbers, email addresses, physical addresses, support case data, sales-related data.
Generally yes, if you want to use a Customer Relationship Management system like Salesforce. Customer names, contact information, and info about what they bought from you is table stakes data for CRM is it not?
Bitwarden doesn't redirect you to a third party if you visit their support page:
https://bitwarden.com/help/
But LastPass does (Salesforce CNAME):
https://support.lastpass.com/s/?language=en_US
So this couldn't have happened to bitwarden, you own the reputation loss if any of your suppliers get owned. Though it really doesn't matter anymore for LastPass they leaked their customers vaults before, I have no idea how they can still be in business.
Not supply the information to any other company.
Not installing the infected package of course.
It's worth noting that this is not 'their marketing provider' what they do is load 30 different providers for some reason, to maximize the reach of their data sharing and advertising network. Well, their network reached too far and touched an infected node.
You have no idea what Klue is