On Monday, June 15, at 3:40p Eastern Time (GMT -4), LastPass tweeted the following:
We want to alert our community to a recent security incident & the actions we’re taking to protect users: https://t.co/DaW6Lj00wm
— LastPass (@LastPass) June 15, 2015
That reads: “We want to alert our community to a recent security incident & the actions we’re taking to protect users: https://blog.lastpass.com/2015/06/lastpass-security-notice.html/ ”
In the blog post, they note that LastPass noticed suspicious activity on the previous Friday (June 12).
That same day, at 7:52p … 4 hours and 12 minutes later … I received an email from LastPass (I am a customer), indicating something similar:
It is incredibly responsive for a team to notice something on day 0, attempt to block and thwart it for 48 hours, blog about it on day 3, then tweet and email their user base mere hours apart from the blog post, all only 96 hours after the alert of suspicious activity.
Perhaps I’m overwhelmed with the speed of this, because companies like Target and Home Depot took ridiculously long to even admit there was an issue, and then to communicate that issue to their user bases.
What This Means
Let’s be clear: none of these is “OK.” None are acceptable (though we as a society say that, yet we are, in the end, accepting of these things). On a relative scale, though, I trust LastPass more than I do Target and Home Depot because of the speed with which they communicated with me and because they were public and forthright about it.