Private Equity Gave Your Bank Password to Hackers
Francisco Partners and Evergreen Coast Capital Corp own LastPass. They raised prices, and then fumbled security. You had one job guys!
Welcome to BIG, a newsletter on the politics of monopoly power.
Last year, I noted that LastPass, a beloved password manager for consumers, engaged in an extortion scheme against its customers.
LastPass has encouraged millions of people to replace weak passwords on retail websites, internet banks and other online services. Instead, the software handles authentication automatically using long, complex passwords that are impossible to guess — or remember.
Two investment firms, Elliott Management and Francisco Partners, acquired the service as part of their $4.3bn buyout of internet software group LogMeIn in September last year.
Now, the app is warning users that they must pay as much as $36 a year if they want access to those cumbersome passwords on all their devices.
The reason is that LastPass had been purchased by two private equity firms, Francisco Partners and Evergreen Coast Capital Corp. Typically, PE firms raise prices, lower quality, harm workers, and reduce customer service. This particular pricing move sparked a backlash from customers, and the two PE firms pledged to spin off the company and make it independent. But that hasn’t happened.
And now there’s some new information about the lovely management of LastPass. Apparently hackers have stolen encrypted password vaults, which means that users of LastPass are now vulnerable and must change every single password they have. Poor quality is common within private equity owned software firms, which means cybersecurity vulnerabilities quickly follow. We’ve seen this with PE-owned software firms facilitating the hacking of the NYC subway, nuclear weapons facilities, and criminal ransomware.
At this point, it’s time to recognize that ownership and management of software firms by private equity is itself a security risk.