Technologies

If You Use LastPass, You Need to Change All of Your Passwords ASAP

You’ll probably also want to find a different password manager, considering the severity of the latest LastPass data breach.

LastPass, one of the world’s most popular password managers, suffered a major data breach in December, putting customers’ online passwords at risk and endangering their personal data.

On Dec. 22, LastPass CEO Karim Toubba acknowledged in a blog post that a security incident the company first disclosed in August eventually led to an «unauthorized party» stealing customer account information and sensitive vault data. The breach is the latest in a lengthy and troubling string of security incidents involving LastPass that date back to 2011.

It’s also the most alarming.

An unauthorized party was able to gain access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party was also able to steal customer vault data, which includes unencrypted data like website URLs as well as encrypted data like the usernames and passwords for all of the sites customers have stored in their vaults.

If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager, because your passwords and personal data are at serious risk of being exposed.

What should LastPass subscribers do?

The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.

If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.

With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:

1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.

2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.

3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.

4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).

5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.

LastPass alternatives to consider

Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.

How did it come to this?

In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»

At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.

On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.

«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»

Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.

However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»

Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.

Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»

However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.

What does all of this mean for LastPass subscribers?

The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.

If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).

Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.

LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.

Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.

For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.

Technologies

White House Joins TikTok With New Account. Here’s What It’s Posted So Far

An official White House account has shown up on TikTok, with one video featuring the caption: ‘We’re so back’.

The White House has officially joined TikTok, even as the administration is trying to help determine the future of the platform in the US.

So far, the TikTok account has four videos, a mix of videos of President Donald Trump speaking, footage of the White House itself over music and the caption: «We’re so back.» There’s also a video of Press Secretary Karoline Leavitt responding with hostility to a press conference question from a New York Times reporter, which is one way to set the tone early doors. As of this writing, the account had more than 123,000 followers so far.

The tagline for the account is: «Welcome to the Golden Age of America.»

After a move to ban TikTok in the US due to its Chinese ownership, the administration has delayed a shutdown as it seeks to help the company’s owner ByteDance, transfer ownership to a US company. There are expectations that new ownership could be announced as early as September as the company works on a US-only version of the TikTok mobile app.

Technologies

ROG Xbox Ally: Release Date, Specs, Price and How It Compares to Steam Deck

Can Microsoft and Asus give Valve some handheld competition?

The Steam Deck has yet to find a real competitor in the PC handheld gaming device battle. Other hardware companies, including Asus, Lenovo and MSI, have tried, but so far, their devices keep falling short. Asus plans to try to take another swipe at the crown, though, this time with the help of Microsoft.

In June, the two revealed their partnership for a new handheld device: the ROG Xbox Ally. This handheld will come in two variants and will attempt to bring the Xbox console experience to a portable device. Microsoft confirmed the release date for the Xbox Ally of Oct. 16 on Wednesday, but there are still some questions about the handheld.

Will the Xbox Ally outdo the Steam Deck, or will it wind up being just another wannabe?

How much will the Xbox Ally cost?

Neither Microsoft nor Asus has confirmed an official price yet. One thing for sure is that the Xbox Ally won’t be cheap.

Multiple leaks suggest the price will be 599 euros for the Xbox Ally and 899 euros for a higher-end version, the Xbox Ally X. That does leave the question of what the price will be in the US. Most likely, the price will be the same just in dollars, as that is the typical practice for gaming hardware prices.

Discount social media poster Wario64 tweeted Best Buy listings for the Xbox Ally, Xbox Ally X, charger dock, and case on Wednesday. There’s no pricing on the site for the devices, just a button to be notified when preorders become available. However, Wario64 states the pricing on the back end shows the Xbox Ally at $550 and the Xbox Ally X at $900, while the charging dock is listed on the site $100 and case for $70. The dock and case prices are on Best Buy and are accurate. It’s unclear if Microsoft changed plans at the last minute.

Best Buy has listed ROG Xbox Ally listings (no preorders yet)
Ally ($549.99) https://t.co/nmHw6Nxov3
Ally X ($899.99) https://t.co/Dts0GcUNFW
100W Charger Dock (HDMI 2.0, USB-A, USB-C) ($99.99) https://t.co/LkoKyunOE8
Case $69.99 https://t.co/jaTIBfWUXX
Confirming… pic.twitter.com/oalzcOON77

— Wario64 (@Wario64) August 20, 2025

Microsoft didn’t immediately respond to a request for comment about the post.

The uncertainty about the price of the Xbox Ally is likely due to tariffs. Microsoft recently increased the prices of its Xbox Series consoles and Asus has done the same with its laptops and its current ROG Ally lineup.

When does the Xbox Ally come out?

Microsoft did confirm the release date of the Xbox Ally on Oct. 16. This date was mentioned in previous leaks regarding the handheld device’s price.

When can I preorder the Xbox Ally?

Preorders are not available as of yet. In the blog post about the release date, Microsoft says preordering and pricing will be announced sometime in the future. Best Buy does have the listings for the Xbox Ally, Xbox Ally X, charging dock and case, and those interested can request to be notified when preorders become available.

What’s the difference between the Xbox Ally and Xbox Ally X?

There are two versions of the Xbox Ally: the lower-priced Xbox Ally and the higher-priced Xbox Ally X.

The key differences between the two are in their processors, storage and memory. The Xbox Ally will have the AMD Ryzen Z2 A Processor, while the Xbox Ally X will use the faster AMD Ryzen AI Z2 Extreme Processor. Memory will be different, with the lower-priced Xbox Ally having 16GB of LPDDR5X-6400 and the higher-cost handheld coming with 24GB LPDDR5X-8000. Both will come with SSD storage but the Xbox Ally will have 512GB and the Xbox Ally X will have 1TB. The Xbox Ally X will also come with a bigger battery but with a faster processor and more memory. It’s not clear if that difference in capacity translates to a longer battery life.

Specs for Xbox Ally and Xbox Ally X

	ROG Xbox Ally	ROG Xbox Ally X
Operating System	Windows 11 Home	Windows 11 Home
Controls and grip	Contoured grips inspired by Xbox Wireless Controllers deliver all-day comfort. ABXY buttons / D-pad / L & R Hall Effect analog triggers / L & R bumpers / Xbox button / View button / Menu button / Command Center button / Library button / 2x assignable back buttons / 2x full-size analog sticks / HD haptics / 6-axis IMU	Contoured grips inspired by Xbox Wireless Controllers deliver all-day comfort, complete with impulse triggers for enhanced control.ABXY buttons / D-pad / L & R impulse triggers / L & R bumpers / Xbox button / View button / Menu button / Command Center button / Library button / 2x assignable back buttons / 2x full-size analog sticks / HD haptics / 6-axis IMU
Processor	AMD Ryzen Z2 A Processor	AMD Ryzen AI Z2 Extreme Processor
Memory	16GB LPDDR5X-6400	24GB LPDDR5X-8000
Storage	512GB M.2 2280 SSD for easier upgrade	1TB M.2 2280 SSD for easier upgrade
Display	7-inch, 1080p, IPS, 500 nits, 16:9; 120Hz refresh rate, FreeSync Premium;Corning Gorilla Glass Victus + DXC Anti-Reflection	7-inch, 1080p, IPS, 500 nits, 16:9; 120Hz refresh rate, FreeSync Premium;Corning Gorilla Glass Victus + DXC Anti-Reflection
I/O Ports	2x USB-C (2 x DP 2.1, PD 3.0), 1x microSD, 1x analog audio	2x USB-C (1x USB4, 1x USB 3.2 both w/ DP 2.1, PD 3.0), 1x micro SD, 1x analog audio
Network and Communication	Wi-Fi 6E (2 x 2), Bluetooth 5.4	Wi-Fi 6E (2 x 2), Bluetooth 5.4
Dimensions	29.1×12.2×5.1 cm	29.1×12.2×5.1 cm
Weight	670g	715g
Battery	60Wh	80Wh
Included	ROG Xbox Ally 65W charger Stand	ROG Xbox Ally X 65W charger Stand

What makes the Xbox Ally different from the Steam Deck?

The most notable difference between the Xbox Ally and the Steam Deck is the operating system. Like the ROG Ally, the Xbox Ally will also use Windows 11, while the Steam Deck uses Valve’s SteamOS.

Even though every PC game works with Windows, handheld gaming devices running Windows have had serious issues, as the OS implementation has been a bit buggy. Portable consoles like the ROG Ally, MSI Claw and Lenovo Legion Go simply don’t run well with full Windows because the OS is designed for laptops and desktops and not handheld devices. SteamOS, however, is designed to run almost every game on Steam without issues and regardless of device size.

The Xbox Ally changes that by giving it an Xbox interface. This would be similar to how the Xbox app on PCs works for running games. It would also be able to download Xbox games directly to it, remote play them off a console or stream them via Xbox Cloud.

Another big difference is the hardware. The Steam Deck came out in 2022 and it was the first mass-produced handheld gaming device for PC. At the time, Valve had to use custom AMD processors but since then, AMD has produced more processors for handheld devices, which are now much more powerful in just a few years. The Xbox Ally would also have faster RAM. Both the improvement in processors and RAM should significantly increase the number of games the Xbox Ally can run versus the Steam Deck, which is already struggling to run newer games at 30fps.

Externally, the Xbox Ally will come with the same size 7-inch display but it will have a higher refresh rate of 120Hz, a brighter screen at 500 nits and increased resolution at 1080p. There will also be some slight differences in the physical size of the Xbox Ally, which will be a little bigger and heavier. Another difference from the Steam Deck is that the Xbox Ally controls will be more similar to the Xbox controller.

Microsoft and Asus have a large hill to climb if they plan to have the Xbox Ally dethrone the Steam Deck. It will be especially tough if Valve decides to announce the Steam Deck 2 soon.

Technologies

Sony Raises Prices of PlayStation 5 consoles

Starting Thursday, you can expect to pay more for a new PlayStation, thanks to «a challenging economic environment.»

Sony will increase the prices of its PlayStation 5 consoles in the US, starting Thursday, Aug. 21. This follows the trend of console manufacturers such as Microsoft and Nintendo raising prices for their hardware in response to tariffs.

The PlayStation-maker posted about the pricing on Wednesday. The jump in price is $50 more than the current price for each model.

The new prices are:

PlayStation 5: $500 to $550
PlayStation 5 Digital Edition: $450 to $500
PlayStation 5 Pro: $700 to $750

«Similar to many global businesses, we continue to navigate a challenging economic environment,» Sony said in a post about the price increase.

Back in March, Microsoft increased the price of the Xbox Series consoles back in May, and Nintendo hiked the original Switch console price and Switch 2 accessories earlier this month.

While the companies didn’t point to the tariffs instituted by President Donald Trump as the reason for the hardware price jump, it would explain the trend in recent months.