LastPass is one of the popular password managers that follows the freemium model. Lately, the company made some changes to its free plan allowing users to choose between either mobile or computers. To enjoy your account on both the platform, you will need to go ahead with the premium subscription. Well, we’re not here to talk about the subscription plan but instead an important security concern.
Exodus, a German security firm, has done an extensive investigation on the LastPass password manager app. In the research, it turns out LastPass is using seven built-in trackers in its Android application. According to the report, these trackers claim to send collected data that includes the personal information of subscribers.
Security firm warns about LastPass because of its trackers!
As mentioned earlier, LastPass seems to be using seven built-in trackers. Out of these seven, four trackers come from Google that handles analytics and crash reporting. There’s one tracker from Segment as well that gathers data for marketing teams. According to the report, the transmitted data includes information regarding users’ smartphone’s make and model. Furthermore, it also shares information regarding biometric security and whether the user is utilizing it or not.
While LastPass is not tracking data that is personally identifiable, the very fact that these trackers are integrated might pose security vulnerabilities. In fact, Mike Kuketz, the researcher who analyzed LastPass, recommended stopping using the password manager for your own sake. With the report making round on the internet, LastPass decided to clear the air.
One of the spokesperson from LastPass commented on the matter. Well, LastPass claims that the company gathers only limited data. The spokesperson further added that these data are gathered to “improve and optimize the product”. The company also claimed that these trackers don’t extract sensitive personally identifiable user data or vault activity. While the change in the free plan has disappointed a lot of users, the new development might also convince them to make a switch after all.
Not the first password manager with trackers
LastPass is not the first password manager out there that allegedly uses trackers to gather personal information. According to the same research firm, Bitwarden has two trackers while RoboForm and Dashlane have four. Wondering which password manager has none? Well, that’s where 1Password comes in. If all these trackers are a concern, you might want to review your choice of a password manager.