Technologies
What LastPass Subscribers Need to Do After the Latest Breach
Following the latest breach, you might want to find a new password manager.

LastPass, one of the world’s most popular password managers, is yet again under the microscope after its latest security breach.
In late December, LastPass CEO Karim Toubba acknowledged that a security incident the company first disclosed in August had ultimately paved the way for an unauthorized party to steal customer account information and vault data. This is the latest in a lengthy string of security incidents involving LastPass that date back to 2011.
It’s also the most alarming.
An unauthorized party now has access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party also has a copy of customer vault data, which includes unencrypted data like website URLs and encrypted data like the usernames and passwords for all the sites customers have saved in their vaults. If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager because your passwords and personal data are at risk of being exposed.
What should LastPass subscribers do?
The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.
If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.
With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:
1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.
2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.
3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.
4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).
5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.
LastPass alternatives to consider
- Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
- 1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
- iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.
How did it come to this?
In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»
At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.
On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.
«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»
Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.
However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»
Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.
Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»
However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.
What does all of this mean for LastPass subscribers?
The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.
If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).
Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.
LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.
Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.
For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.
Technologies
Gen AI Chatbots Are Starting to Remember You. Should You Let Them?
An AI model’s long memory can offer a better experience — or a worse one. Good thing you can turn it off.

Until recently, generative AI chatbots didn’t have the best memories: You tell it something and, when you come back later, you start again with a blank slate. Not anymore.
OpenAI started testing a stronger memory in ChatGPT last year and rolled out improvements this month. Grok, the flagship tool of Elon Musk’s xAI, also just got a better memory.
It took significant improvements in math and technology to get here but the real-world benefits seem pretty simple: You can get more consistent and personalized results without having to repeat yourself.
«If it’s able to incorporate every chat I’ve had before, it does not need me to provide all that information the next time,» said Shashank Srivastava, assistant professor of computer science at the University of North Carolina at Chapel Hill.
Those longer memories can help with solving some frustrations with chatbots but they also pose some new challenges. As with when you talk to a person, what you said yesterday might influence your interactions today.
Here’s a look at how the bots came to have better memories and what it means for you.
Improving an AI model’s memory
For starters, it isn’t quite a «memory.» Mostly, these tools work by incorporating past conversations alongside your latest query. «In effect, it’s as simple as if you just took all your past conversations and combined them into one large prompt,» said Aditya Grover, assistant professor of computer science at UCLA.
Those large prompts are now possible because the latest AI models have significantly larger «context windows» than their predecessors. The context window is, essentially, how much text a model can consider at once, measured in tokens. A token might be a word or part of a word (OpenAI offers one token as three-quarters of a word as a rule of thumb).
Early large language models had context windows of 4,000 or 8,000 tokens — a few thousand words. A few years ago, if you asked ChatGPT something, it could consider roughly as much text as is in this recent CNET cover story on smart thermostats. Google’s Gemini 2.0 Flash now has a context window of a million tokens. That’s a bit longer than Leo Tolstoy’s epic novel War and Peace. Those improvements are driven by some technical advances in how LLMs work, creating faster ways to generate connections between words, Srivastava said.
Other techniques can also boost a model’s memory and ability to answer a question. One is retrieval-augmented generation, in which the model can run a search or otherwise pull up documents as needed to answer a question, without always keeping all of that information in the context window. Instead of having a massive amount of information available at all times, it just needs to know how to find the right resource, like a researcher perusing a library’s card catalog.
Read more: AI Essentials: 27 Ways to Make Gen AI Work for You, According to Our Experts
Why context matters for a chatbot
The more an LLM knows about you from its past interactions with you, the better suited to your needs its answers will be. That’s the goal of having a chatbot that can remember your old conversations.
For example, if you ask an LLM with no memory of you what the weather is, it’ll probably follow up first by asking where you are. One that can remember past conversations, however, might know that you often ask it for advice about restaurants or other things in San Francisco, for example, and assume that’s your location. «It’s more user-friendly if the system knows more about you,» Grover said.
A chatbot with a longer memory can provide you with more specific answers. If you ask it to suggest a gift for a family member’s birthday and tell it some details about that family member, it won’t need as much context when you ask again next year. «That would mean smoother conversations because you don’t need to repeat yourself,» Srivatsava said.
A long memory, however, can have its downsides.
You can (and maybe should) tell AI to forget
Having a chatbot recommend a gift poses a conundrum that’s all too common in human memories: You told your aunt you liked airplanes when you were 12 years old, and decades later you still get airplane-themed gifts from her. An LLM that remembers things about you could bias itself too much toward something you told it before.
«There’s definitely that possibility that you can lose your control and that this personalization could haunt you,» Srivastava said. «Instead of getting an unbiased, fresh perspective, its judgment might always be colored by previous interactions.»
LLMs typically allow you to tell them to forget certain things or to exclude some conversations from their memory.
You may also deal with things you don’t want an AI model to remember. If you have private or sensitive information you’re communicating with an LLM (and you should think twice about doing so at all), you probably want to turn off the memory function for those interactions.
Read the guidance on the tool you’re using to be sure you know what it’s remembering, how to turn it on and off and how to delete items from its memory.
Grover said this is an area where gen AI developers should be transparent and offer clear commands in the user interface. «I think they need to be providing more controls that are visible to the user, when to turn it on, when to turn it off,» he said. «Give a sense of urgency for the user base so they don’t get locked into defaults that are hard to find.»
How to turn off gen AI memory features
Here’s how to manage memory features in some common gen AI tools.
ChatGPT
OpenAI has a couple types of memory in its models. One is called «reference saved memories» and it stores details that you specifically ask ChatGPT to save, like your name or dietary preferences. Another, «reference chat history,» remembers information from past conversations (but not everything).
To turn off either of these features, you can go to Settings and Personalization and toggle the items off.
You can ask ChatGPT what it remembers about you and ask it to forget something it has remembered. To completely delete this information, you can delete the saved memories in Settings and the chat where you saved that information.
Gemini
Google’s Gemini model can remember things you’ve discussed or summarize past conversations.
To modify or delete these memories, or to turn off the feature entirely, you can go into your Gemini Apps Activity menu.
Grok
Elon Musk’s xAI announced memory features in Grok this month and they’re turned on by default.
You can turn them off under Settings and Data Controls. The specific setting is different between Grok.com, where it’s «Personalize Grok with your conversation history,» and on the Android and iOS apps, where it’s «Personalize with memories.»
Technologies
It’s OK if You Didn’t Preorder a Switch 2
Commentary: As good as the new console looks, it’s also fine to wait.

FOMO for new tech is hard. And new game consoles are exciting. I get it, and I’ve contributed to that coverage excitement too. The Nintendo Switch 2 finally became available to preorder in the US this week, and as expected, it looks sold out for now. That’ll change over time, but it’s unclear when, or how, and it’s equally unclear what the constant tariff fluctuations might do to future game console pricing.
That said, having played on the Switch 2 recently at an event, may I help ease your FOMO somewhat by saying you’re probably OK waiting on it?
I felt this way after my full-day Switch 2 experience, and I’ll reiterate it now: As good as the upgrades the Switch 2 has, and as fun as the new Mario Kart and Donkey Kong games seem to be — and the GameCube gaming library also seems like a blast of retro fun — the Switch 2 is very much an iterative upgrade for now. The very best games on the Switch 2, and its most unique exclusives, are likely still to come.
Nintendo has clearly designed the Switch 2, at least for the moment, to exist as a bridge to the current Switch, with many upcoming games intended to work on the original Switch too. Much more than the debut of the first Switch, the Switch 2 is designed to be a system you could wait to upgrade to. In that sense, it’s following the path of the current gen of Xbox Series X and S and PlayStation 5 consoles.
You can build up your Switch library now and be Switch 2-ready when you eventually upgrade
The Switch 2 plays all the Switch games, which wasn’t the case with the Switch and previous Wii U and 3DS hardware. That means you could skip the Switch 2 now if you needed to, play games on the Switch, and then move your library over whenever. Switch 2 versions of games cost more (ranging from $10 to $20 more), but you can just buy the Switch 2 game upgrades later for a similar price — or play the versions you’ve already got minus the enhanced graphics and game extras.
The Switch 2’s current upgrades are good, but not shockingly good
After playing several of the Switch 2 Edition versions of Switch games for a bit, I noticed better frame rates and graphics resolution, but I honestly didn’t find it to be that much different. I’d prefer playing the enhanced Switch 2 editions, but the experience reminded me a bit of the PS5 Pro versus PS5 versions of games when I first played on the console with Sony last year.
If you have a big TV, you’ll likely appreciate the difference. The bigger Switch 2 screen shows off games in higher-res 1080p with HDR, but you could play on the older Switch and be fine. I’m playing on a Switch OLED again, and after the Switch 2 experience, I don’t have massive I-wish-this-were-a-Switch-2-envy.
I’m sure this will change as games are developed to take better advantage of the amped-up Nvidia-powered Switch 2 GPU, and when more exclusives arrive. It’s similar to how I felt about the Meta Quest 3, which has better graphics than Quest 2 but didn’t feel like an absolute must-get until a year into its release.
You can still play upcoming Nintendo games on OG Switch
While Mario Kart World and Donkey Kong Bananza are Switch 2 exclusives, Metroid Prime 4 Beyond and Pokemon Legends Z-A also play on the Switch. It’s unclear how well these games will play on the Switch versus Switch 2, but you can get a good dose of New Nintendo this year on the older hardware and upgrade the hardware upgrade later. Think of it as a bit of a FOMO buffer.
Looking at Nintendo’s game history, the company often supported its previous consoles for a good couple of years after the new hardware’s release. I’d expect that after 2026 the Switch 2 will start to become the go-to platform for most big game, but I wouldn’t be surprised to see a handful of key Nintendo games still supporting original Switch for another year at least.
There’s no ‘whole new experience’ you’ll miss other than Game Chat, that camera and the mouse
The original Switch was an eye-opener because it was a portable, full game console that could dock with your TV and turn into a shareable console with modular controllers. It was different from anything Nintendo had made before. The Switch 2 is mostly the same proposition, just nicer.
You won’t feel the same regret for missing out on a whole new way to play this time, since it’s a continuation of the same idea. There are two new features you might envy: audio or video Game Chat among friends and the new Joy-Cons working like mice in some supported games. But Game Chat works only with other Switch 2 owners and needs a Switch Online subscription. The mouse functions are fun at times, but could also end up as just a gimmick. For now, the Switch 2 hasn’t pulled that many wild new functions out of its hat, but that could change, knowing Nintendo. There are also some fun camera-connected party game modes for Mario Party Jamboree if you happen to connect a camera, but no other games even have new camera-based features yet.
It’s fine to wait, but tariffs are still a question mark
I’m saying this well before I’ve had a chance to review the Switch 2, and for sure, it looks like the best Nintendo console in a long while and worth upgrading to. But take some comfort that missing out on getting one early this time isn’t quite as big a deal as it was in 2017, even if you’re feeling the pull of regret.
The only wild card remains the question of the effect tariffs will have on future console pricing. Will it fluctuate? I hope not, but the prices of Nintendo’s Switch 2 accessories have already gone up as a result of Trump’s chaotic tariff policies, and it’s unclear if that might happen again. The state of pricing and consumer electronics is still in an unknown zone, but in the meantime, you can still have a lot of fun on the Switch you already have, now and even in the near future.
Technologies
Apple to Shift All US iPhone Assembly to India Amid Tariff Turmoil, Report Says
The manufacturing move aims to address massive US tariffs against China that could spur higher prices on the company’s biggest-selling product.

Apple could be sourcing its entire line of iPhones for the US market — about 60 million devices a year — from assembly facilities in India by the end of 2026, according to a report from the Financial Times.
The planned move comes against the backdrop of the Trump administration imposing tariffs against China of up to 145%, although some products such as mobile phones and computers have been exempted for the time being. Apple has long centered its iPhone production in China, making it vulnerable to any trade war between the two countries and spurring speculation that tariffs could mean price increases for the company’s biggest-selling product.
By moving third-party assembly of US iPhones to India, Apple could avoid the most significant cost pressure of a trade war, though India itself faces new tariffs as well.
The company had already begun shipping iPhones made in India, adding to its product reserves, before new tariffs became active.
A representative for Apple did not immediately respond to a request for comment.
-
Technologies2 года ago
Tech Companies Need to Be Held Accountable for Security, Experts Say
-
Technologies2 года ago
Best Handheld Game Console in 2023
-
Technologies2 года ago
Tighten Up Your VR Game With the Best Head Straps for Quest 2
-
Technologies4 года ago
Verum, Wickr and Threema: next generation secured messengers
-
Technologies4 года ago
Google to require vaccinations as Silicon Valley rethinks return-to-office policies
-
Technologies3 года ago
Olivia Harlan Dekker for Verum Messenger
-
Technologies3 года ago
Black Friday 2021: The best deals on TVs, headphones, kitchenware, and more
-
Technologies4 года ago
iPhone 13 event: How to watch Apple’s big announcement tomorrow