LastPass Completes Corporate Split from GoTo

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

LastPass has officially separated from its former parent company, GoTo, previously known as LogMeIn.

GoTo announced its decision to spin off LastPass as an independent entity in December 2021, six years after acquiring the password management company. Now, LastPass will operate independently under a shareholder holding company named LMI Parent.

The move follows several high-profile attacks the company faced, which propelled it to commit to enhancing its security protocols.

“Together, we are all committed to delivering solutions that never compromise on security, quality, or performance – helping to set new standards in the cybersecurity landscape on behalf of our valued customers, dedicated employees, and the industry for years to come,” CEO Karim Toubba said in a statement.

In its announcement, LastPass said the company is on strong financial footing.

The most recent issues for LastPass began to unfold in 2022. LastPass disclosed hackers had stolen its source code in August of that year. Later in November, it was revealed that these hackers also accessed “certain elements” of customer data. While LastPass maintained that customer passwords were secure, the breach included the theft of a backup copy of customer password vaults and some encryption keys, raising concerns about the safety of the stolen data.

In September 2023, security researchers identified a hack that led to the theft of over $35 million from the cryptocurrency wallets of more than 150 individuals. They discovered that each victim had stored their “seed phrase,” which is a crucial digital key for accessing cryptocurrency investments, within their LastPass account, suggesting this was how the attackers gained access.

In January, LastPass introduced a new policy requiring a 12-character minimum for master passwords, which is the industry-recommended minimum for adequate security. Previously, while LastPass suggested a default of 12 characters, it allowed users to choose shorter passwords.

LastPass has also formed a dedicated threat intelligence team, composed of specialists who significantly reduced the availability of stolen credentials for sale by 98% in 2023, as a result of combating infostealing malware.

LastPass remains based in Boston, close to its former parent company GoTo, but has moved into its own dedicated property.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment