Lastpass locked us out of our shared password database and want $750
Lastpass has locked us from exporting our company’s shared password database unless we pay them for another 6 month subscription ($750). We can’t even discuss this with support because they refuse to email, chat or call with us (they have no listed number) until we pay. They’re holding our own passwords as a ransom against us. HN what should we do?
46 comments
[ 4.8 ms ] story [ 62.6 ms ] threadAnyway, clicking on About Us takes one to the website for GoTo, who have a phone number on the top right. Maybe you want to try calling that number (1 866 890 8931) and seeing if you can get some help by speaking to a person there?
The ideal outcome would be that they don’t appear in court, you get a default judgement, they ignore your written request to pay it, and then you visit their office with a sheriff and a local reporter or two to either get them to write a check or to seize some furniture. How many times do you think the CEO would be willing to read those news stories (and risk losing his own office furniture, because obviously you would start there) before they decide to let people sign into their expired accounts to export their passwords?
It’s not really about the money, it’s about forcing them to do the right thing.
I do not recommend anyone ever use lastpass or 1password, so I am absolutely no fan or apologist, but this is not a case of them doing anything wrong.
This story doesn't deserve any attention at all.
Think of the bright side; it's a good thing this bit your company at this early stage and not with half a million dollar contracts.
The refusal to provide access without renewal is scummy, but this complaint is silly.
It's also reasonable logic to hold any property hostage that has an outstanding dept associated with it. That's just a lein and is a common legal process. This is different from simply "account is no longer active"
So, it's not so cut and dried and obvious. Like a lot of things, if it's obvious and simple it's probably also incorrect or at least incomplete.
I'd say they should be either deleting the data OR allow export of the data as of the last time the account was current if they retained it, not retaining it and then holding it hostage. That is essentially using someone else's property for your own purposes.
In this state it's a form of threat that I'm not sure would pass a good thorough legal exam8nation.
Consider, they are holding something of yours which places you at risk where they might get hacked and leak your passwords, or they might even sell them to someone else who you never approved of, all while you are no longer consenting to their posession of this material. The entire company, meaning all assets, meaning your data, being sold to someone else absolutely qualifies, and has even already happened. That threat is at least a little bit like a gangsters protection payment then a legit lein.
I think this means that really the law of the land should be that they are obligated to delete anything that isn't current (covered by an active account or contract), with only some well defined and not-forever grace period to cover mishaps.
It becomes even more crucial for services like password managers.
It seems pretty shitty, but if you missed your deadline and the contract says that you can't get to it, then you can't get to it. But fight it anyway. I wouldn't call it a ransom though, they're asking for payment, and they may be right or not, depending on the terms.
Good luck.
I recommend Bitwarden by the way.
you dont have any other answer that would be anywhere near as close to a win.
Still a few dollars wasted, but $5-10 is much better than $750.
It sounds like you misunderstood your contract; you only have access while you have a subscription.
Was this fact not made clear when you took the subscription? Because if this wasn't a condition when you bought the subscription (it was only added on after you paid) then you have some legal remedies.
If it was a condition when you subscribed, then you cannot really complain, can you? You saw the conditions, you agreed to them, and now you want to retroactively withdraw your agreement.
I don’t think that’s fine print.
Yes, really! It's called contracts - don't sign it until you read it[1]. The whole point behind a subscription is that you only get to enjoy the product while you are subscribed. I very much doubt that the fine-print said anything along the lines of "some functionality is available after subscription ends".
Now let's be fair, you work for a company. Presumably, your company makes money by selling its products.
Do you really think it is reasonable that someone who purchased your product, and who agreed to the terms of purchase (price, warrantee, etc) should be able to later retroactively withdraw their agreement?
Did you actually put something like that - "Customer is free to change their mind any time after purchase and we will agree to continue providing service and/or product" - into your purchase agreement?
Do you allow your ex-customers to get more product for free because at some time in the past they were customers?
In all other business dealings, do you expect to make the other party whole just because the other party felt that it was too onerous to read the contract you provided?
If you feel that people should not be held to the contracts they signed, why bother making them sign?
I feel for you, but this is all self-inflicted; agreeing to something and then complaining that the other party is adhering to the terms of the agreement is a a very unprofessional way to behave.
[1] I don't think you were given a 40 page contract to peruse; this is the actual contract you agreed to : https://www.lastpass.com/legal-center/terms-of-service/busin.... It's 12 pages of large font. The section about Fees, billing, etc is on the SECOND page, with an extra large heading of "Orders, Fees and Payment".
I mean sure they slipped us a contract too long to read on a busy day, Ok, but that they’re now bending their customer over is still cause for alarm. Just because their contract says they can get away with it doesn’t mean they aren’t scum for doing it to a customer that gave them a pile of money for a simple convenience service.
I mean their whole pitch is based around them being trustworthy. They’re just waiting to stab you in the back.
.
You chose the provider. (when there were others)
You chose the service profile. (when you could have done otherwise)
You chose to under-utilize a costly service. (not their fault if you have only 30 passwords)
You fucked it up by letting the service expire. (You had all the time to prepare)
You didn't do any backups. (what's it? Five minutes, manually, on a single post-it?)
*You* have a very strange idea of what a service is. (not them)
You apparently didn't even bother reading the first two pages of the contract. (or anything else.)
You don't want to renew... (someone said: "pay up or shut up" and they're right.)
.
*You* did it all, and now you're blaming them???
Not Cool man, Not Cool.
You think all of these people, with comment histories going back years, are suddenly all on your providers payroll?
> Something off with these comments.
Nothing is off with the comments, you're trying to convince all of us that you should continue getting service after your subscription ends. You're being very unprofessional by demanding free service, and then accusing people who point out this fact as paid shills.
I asked earlier if your company continues giving away product to ex-customers, and you haven't answered yet.
Do you give away product for free to ex-customers? I wanna know if you do, so that I know where I can signup, pay once, end the subscription and still get your service for free.
C'mon - you've thrown some accusations around here, you may as well answer the question.
Something is very off here. Where's dang when you need him?
> Something is very off here. Where's dang when you need him?
You're repeatedly making very serious accusations here, especially serious as you can see from my open comment history that I am not shilling. Are you sure you want Dang to join the conversation[1]?
I think if you post enough mentioning @dang, he might show up. I don't know if that works though - you can try.
Yes, if the contract states on termination no access to a cloud resource, that's the deal. Technically they're within the rules they laid out and we agreed to, except that they held onto data they do not own after termination.
There are two issues. First, this is a trust me story. A company that pulls this trick can do it one single time. We will never pay them another cent, and will tell everyone that will listen exactly what they did. Their contract has a clause to fuck the customer, and they use it. Lastpass are done, and they know it. This is a "fuck the last standing customer" clause to milk what's left of a resold company with a collapsing user base and a broken outdated business model.
Second, they kept our companies sensitive secret and essential-for-operations data and refuse to give us a copy unless we pay the resubscription fee (ransom). That's a state where a terminated contract leaves them with secret customer data, and now they want a payoff. Their contract doesn't excuse them from breaking the law. That data should've been deleted, if not, it has to be accessible by law to the owner. It's Right of Access.
You are not answering the question, which is "Does your company provide service to ex-customers?"
Does it?
The terms and the outcome are actually perfectly reasonable and expected, not some crazy unsuspected gotcha buried in fine print to ensnare hapless victims.
This is not actually a case of "You didn't read 40 pages of deliberately inscrutable legal triple-speak and so it's 100% your fault and not at all the author of the deliberately inscrutable contract."
The the outcome here is exactly in line with a surface layman understanding of the terms without reading them in detail. No way would they be able to show any sort of misrepresentation.
https://support.1password.com/frozen-account/
Hiawatha Bray Boston Globe
So here we have someone who doesn't keep backups, who didn't read the contract, and who didn't keep track of the subscription expiration date complaining about a completely self inflicted problem.