Researchers found that the built-in seven trackers in LastPass may track and collect user data

Earlier, the well-known password manager LastPass announced that it would adjust the policy of the free version. After the adjustment, the free version no longer supports cross-platform use.

The most basic function of a password manager is to support cross-platform and cross-device synchronization. Therefore, a large number of consumers abandon this password manager after the announcement of the new policy.

Through such a radical approach, it is nothing more than stimulating more free users to turn to pay users, but obviously, too radical tactics may be counterproductive.

What is even more worrying is that after analysis, security researchers also found that the password manager has multiple trackers, which may be used to track and collect user personal data.

After analysis, security researchers found that LastPass has seven different trackers, which are used to collect relevant usage data for analysis.

LastPass free service

“best-online-password-manager-lastpass” by HomeBiss is licensed under CC BY 2.0

The seven trackers include four trackers from Google. These trackers are used to collect client software usage, crash logs, and analysis reports.

One tracker is used to collect user personal data. It seems to be used for marketing. The collected personal data includes but is not limited to the user’s mobile phone brand and model.

At the same time, it will also collect whether the user has enabled biometric security functions, etc. There are also some trackers whose purpose is not clear but are usually used to collect private information.

It is really not wise to use so many trackers for password manager products, because these trackers themselves may be attacked and leak user information.

After the researcher released the report, it also attracted the attention of the password manager developer. The developer stated that it does use trackers but does not collect user information.

It means that there is no sensitive personally identifiable user data or usage activity that can be passed through these trackers, and users can also turn off data collection.

If you don’t want to be collected data, the user needs to go to the advanced settings of the settings to find the privacy section, and then exit the data analysis to no longer transmit data.

Via: theregister