Interview Synopsis

LastPass (GoTo/LogMeIn) – Security Breach Implications

LastPass disclosed a security breach in December 2022, in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. Third Bridge Forum interviewed a client and a previous client of LastPass to assess their perception of the vendor’s integrity and core product following the breach.

How much of an impact on customers did the December LastPass breach have?

The breach did not cause any “sleepless nights”, an IT service provider executive said, noting they were satisfied with LastPass’ response time and investigation. “Perception is key in the security space, but this particular breach, at least the public face of it, I think is probably low to medium impact.” Overall, the breach was a realisation that “this isn’t going to be the last one that happens to you”.

An executive at a private lender said it was “disturbing” given LastPass is a password protection product, but acknowledged that such incidents are common. “You look at… how quickly did they respond, who did they bring in to do the forensics… and I think that’s important, that they bring in a third party that can be objective.” Due to the “stickiness” of the solution, the specialist does not expect many “knee-jerk reactions” from large organisations. 

Knee-jerk customers have probably already made the switch, they added. “I don’t know the magnitude of that, how many people that was, and the time to switch is based on the complexity of the implementation.” The specialists separately estimated 10-15% and 25% total potential churn impact to LastPass’s customer base, and believe the impact should decrease based on the success of LastPass’ response.

We also heard the shift from passwords to passkeys is a major trend that customers will be focusing on when their contracts approach renewal. This is more likely to drive a switch than a breach, the experts said, given the high costs and complexity that come with switching providers. 

Although the experts were satisfied with LastPass’ response, they expect an update in 6-12 months on the changes implemented to ensure the same breach does not happen again. They also would like to see an ongoing outreach programme to garner feedback from customers and ensure they understand what happened and how it has been remedied. 

When asked to assess LastPass’s competitors, the IT service provider executive described the landscape as a “horse race” that is going to get closer. “We’re moving away from passwords to passkeys, and so we’ll see what happens.” The private lender executive added that “the herd is going to thin, and you’re going to move from the half-dozen or so providers you have today.” In the end, “two or three” players will dominate, as is the case across nearly all technologies, they said.

The information used in compiling this document has been obtained by Third Bridge from experts participating in Forum Interviews. Third Bridge does not warrant the accuracy of the information and has not independently verified it. It should not be regarded as a trade recommendation or form the basis of any investment decision.
