LastPass Passes Sony Fails

Melanie Gross
May 10, 2011
Updated • Jan 31, 2015
Security
|
10

The cloud has been rather rainy, lately. Sony has had a rough month, to say the least. They’ve been hacked and info has been stolen. At the time of writing PSN has been down for close to three weeks, and Sony Online Entertainment has been down for a week.

During this time, Sony hasn’t really dealt with the customer relations side of the matter well. LastPass, too, has had its share of trouble this week. Compared to Sony, it’s come through with flying colors. The way LastPass handled itself has shown that it really does care about its customers and its mission.

Sony scrambled to give its customers something like an explanation after PSN went down. It was not very successful. It tried to relate just enough info to ease its customers without going into too much detail.

In fact, it spent the day before the suspension of Sony Online Entertainment telling its customers that everything was under control and would be back up soon. Oh, and by the way, members could have a month’s service free for their trouble.

LastPass is a utility for storing passwords. You only have to remember a master password and it remembers all the rest. If you’re not good at creating secure, i.e. non dictionary passwords, it can create them for you. It has support for all of the major browsers, and most of the mobile platforms as well.

When LastPass saw a potential problem, the company explained to its customers exactly what was going on. There was a post up before anything bad happened. Service wasn’t even interrupted when customers were notified that there was a potential problem.

Let’s talk about Sony and security for a moment shall we? When the company discovered that PSN was hacked, Sony released the information that customer names, numbers and addresses had been taken, but couldn’t be sure whether or not credit card info was stolen. When Sony Online Entertainment was hacked, the company told customers that thousands of credit card numbers were taken as well.

LastPass was much more aware of security, it seems, than Sony. The company let customers know that there may have been a hacking incident before it was certain that there had been one. Someone noticed increased traffic on a database and didn’t know why, so the company played it safe. They recommended that customers change their master password just in case the database was hacked.

LastPass has shown itself both in terms of openness with its customers and in its business practices to really care about the security of the information it’s been given. Sony, on the other hand, has shown that it has trouble dealing with this kind of security issue. Granted, LastPass is in the security field, but considering the amount of your info and money Sony has, the company should be more aware of potential risks and be more prepared for them, don’t you think?

Are you a user of LastPass? Are you on PSN? What are your views on the way the two companies have dealt with their security issues? What could either company have done better in your view in terms both of relations with their customers and in terms of security? Am I being unfair to Sony?

Advertisement

Previous Post: «
Next Post: «

Comments

  1. kingpsyz said on May 11, 2011 at 8:19 pm
    Reply

    Hahahaha… wow fanboy much?

    So LastPass is a company involved in your online security and was hacked, but couldn’t say for sure and kept things moving along only today admitting, yes we were hacked.

    Sony runs an online video game service who when it looked like they were being hacked DID THE SAME THING LASTPASS DID but they shut down the network to find the leak and fix it. Sony then hired outside firms to help them find the holes and when they got the confirmation anounced what they found.

    I haven’t seen LastPass called into Congress, even though this is sorta their job, and they failed hard at it. Sony’s online security is a component of their service, not the focus.

    I love how LastPass just asked people to change the password but hasn’t really demonstrated what they’ve done to prevent it in the future, or even right now and has been fairly vague but they get a pass here? LOL

    1. Tristan Phillips said on May 12, 2011 at 11:56 am
      Reply

      Assuming I’m not feeding a troll…..

      Actually LastPass announced the issue about a week before the emails arrived. Multiple blogs covered it at the time, as well as LastPass’ own web site. When the incident happened I learned of it from three different blogs that morning, and then went to LastPass to confirm. I changed my master password immediately. Several days later I got the email from LastPass announcing the potential breech.

      To say that LastPass took 7 days to notify the community is pretty much a lie. LastPass announced it and various people covered it within hours. To rely on email as a sole means of instantaneous communications is really showing your ignorance of what email is and is not. People who want to keep up on particular products and announcements follow twitter and monitor web sites for changes; not a electronic communications means that can take days to deliver notifications.

      But go ahead with your unfounded outrage.

  2. Johnny B. said on May 11, 2011 at 4:38 pm
    Reply

    LastPass had the benefit of learning from Sony’s missteps when dealing with security breaches. You would really have to be an idiot to not do things differently from Sony after seeing the fallout from that. I think LastPass is getting too much credit for capitalizing on Sony’s mistakes. Had the Sony security breach not occur, then would LastPass have handled their security breach in the exact same manner?

  3. Don Lavabit said on May 10, 2011 at 11:31 pm
    Reply

    As a long-time user of the free version of LastPass, and one who tries to be well-aware of the many potential risks to putting information online, I was impressed by the overall response by LastPass. And while all us users had varying degrees of difficulty, frustration and anger in trying to work with or around the issue, I, for one, am grateful for what I perceive to have been a very conscious and deliberate effort by LastPass to be open, communicative and up front (paranoid?) with us.

    I continue to use LastPass and have more confidence now than before that LastPass is more secure than ever with my account information.

    Thank you, LastPass!

  4. Lisa said on May 10, 2011 at 10:42 pm
    Reply

    I only found out about this today from an email from Lastpass. This happened last week? Why do I only find out now and why is that praised?

  5. Jim said on May 10, 2011 at 9:09 pm
    Reply

    I’ve been using LastPass for a while now and I’m really happy with how they dealt with this. Although some are freaking out and jumping ship, I’m staying on board. They were vigilant, responsive, and open through it all. What more could anyone reasonably expect?

    1. Daryl said on May 12, 2011 at 5:19 pm
      Reply

      +1 what he said

  6. X said on May 10, 2011 at 5:21 pm
    Reply

    If you’re afraid to be unfair to Sony, relax and have a look at: http://www.infoworld.com/t/cringely/sony-angers-the-anonymous-beast-245.

    Incidentally, I just received today the standard e-mail from LastPass support. A whooping 7 DAYS after the incident…

  7. Anon said on May 10, 2011 at 4:53 pm
    Reply

    I wouldn’t be so quick to praise lastpass. It took a WEEK to notify the users directly about this issue. To be frank, neither got it right.

  8. Paul(us) said on May 10, 2011 at 12:08 pm
    Reply

    Your not unfair to Sony, not at all. On the country your are much to polite to Sony.
    Why is there not an independent watchdog who nails Sony to the wall? This is what the deserve and not less. I am ferry glad that i am not on PSN and what happens last week make me things twice to go on PSN. Make Sony should take a example to LastPass and the way LastPass handeld has to become the standard for the market. Last week convinced me that i have to take a outer, in-depended form the internet, program for storing main passwords .

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.