Comment by bko

5 hours ago

What's the solution? Don't have a CRM and store stuff about customers under lock and key? Don't give access to the CRM to any employees? More security training about clicking shady links?

I don't get how you think some other competitor would be better suited against this threat. The right solution is to mitigate the damage. CRM has minimum available stuff, like names, addresses, etc. Don't keep stuff like payment information, passwords, etc in that place as that's the vulnerable system. It seems like that's what LP does and probably every other company in this space does.

Again, it's entirely reasonable to have an off the shelf CRM, pretty broad access to it. You try to prevent phishing email or phone scams (assuming this is what it was) but you have 800 employees, its bound to happen.

2 comments

bko

iamacyborg 5 hours ago

> What's the solution?

Use any of the other password managers that don't have the poor security history that LP do.

lazyasciiart 2 hours ago

I think they're asking how LastPass is supposed to prevent this particular breach.