Technologies
What LastPass Subscribers Need to Do After the Latest Breach
Following the latest breach, you might want to find a new password manager.

LastPass, one of the world’s most popular password managers, is yet again under the microscope after its latest security breach.
In late December, LastPass CEO Karim Toubba acknowledged that a security incident the company first disclosed in August had ultimately paved the way for an unauthorized party to steal customer account information and vault data. This is the latest in a lengthy string of security incidents involving LastPass that date back to 2011.
It’s also the most alarming.
An unauthorized party now has access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party also has a copy of customer vault data, which includes unencrypted data like website URLs and encrypted data like the usernames and passwords for all the sites customers have saved in their vaults. If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager because your passwords and personal data are at risk of being exposed.
What should LastPass subscribers do?
The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.
If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.
With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:
1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.
2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.
3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.
4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).
5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.
LastPass alternatives to consider
- Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
- 1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
- iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.
How did it come to this?
In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»
At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.
On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.
«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»
Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.
However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»
Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.
Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»
However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.
What does all of this mean for LastPass subscribers?
The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.
If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).
Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.
LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.
Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.
For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.
Technologies
We Played Nintendo Switch 2: Mario, Donkey Kong, Mouse, Camera and a Lot More
Technologies
Nintendo Switch 2: Every Reveal About the Console, New Games, Price, Release Date
The $450 console launches June 5, with Mario Kart World the highlight of its launch day game lineup.

The Nintendo Switch 2 console’s biggest reveal yet arrived Wednesday as part of the company’s latest Nintendo Direct event. This teed up a day of Switch 2 reveals that include its June 5 release date, a $450 price, its specs and its initial game lineup that extends from launch into 2026.
The console will be further buoyed by having Mario Kart World as a launch title, which will go on sale in either a $500 bundle with the Switch 2 or on its own for $80 — making the open-world racing game one of Nintendo’s most expensive yet. Other games announced, such as Donkey Kong Bananza, are being priced around $70, which matches the cost of 2023’s The Legend of Zelda: Tears of the Kingdom. That Zelda game and Breath of the Wild are among the original Switch titles that will get enhanced Nintendo Switch 2 Edition upgrades, a premium upgrade allowing players to get new features, modes and graphical enhancements that take advantage of the newer system’s capabilities.
Here are the top highlights from Nintendo’s console event, all of the games we’ve heard about so far (including new titles, Nintendo Switch 2 Editions and GameCube games coming to Nintendo Switch Online) and all of our coverage so far. You can also check out our Nintendo Switch 2 live blog for even more updates about the Switch 2 as we learn them.
- I Played the Nintendo Switch 2: Is It Worth It?
- Nintendo Switch 2 Direct Live Recap: Launches June 5, $450 and More
- Nintendo Switch 2 Priced at $450, Coming June 5
- How to Preorder Nintendo Switch 2: All Store Links
- All Nintendo Switch 2 Launch Games Coming Day One
- Nintendo Is Taking on Scalpers With a Genius Switch 2 Purchase Rule
- What You Need to Know About Nintendo Switch 2 Edition Games
- Switch 2 Specs vs. Switch 1 Specs: How Nintendo’s Consoles Compare
- Every New Feature in Switch 2 Joy-Cons and Pro Controller
- GameCube Games Are Coming to Switch Online: Here’s the List
- Nintendo Switch 2: What We Didn’t Get During Nintendo Direct 2025
- Mario Kart Goes Open-World With Mario Kart World
- The Duskbloods Is New FromSoftware Gaming Action Coming to Switch 2 in 2026
- The Nintendo Switch 2 Is Almost Here, Grab Some Games From Just $20 to Celebrate
- Yes, Silksong Is Coming in 2025, as Revealed in Switch 2 Nintendo Direct
- Mario, Pokemon and More Will Get Free Nintendo Switch 2 Updates
- Switch 2’s Zelda Notes Could Revolutionize Zelda: Tears of the Kingdom
- Wait for the Switch 2 Before Playing These 3 Nintendo Games
- Nintendo Switch 2: Here’s Why I Won’t Be Upgrading as a Fan of Cozy Games
- The Switch 2 Is Almost Here and You Need a Specific Type of MicroSD Card — Here’s Where to Find Them
Nintendo Switch 2 console
The Nintendo Switch 2’s specs saw a noticeable technical bump over the Switch. The Nintendo Switch 2 has a 7.9-inch, 1080p resolution LCD that supports a 120Hz refresh rate — matching what we now see on most Android phones. When the Switch 2 is docked, compatible games can run in 4K resolution. The new dock also includes a cooling fan.
The Switch 2 comes with 256GB of internal storage, and the new Switch 2 Game Cards will load games faster. For digital libraries, however, the Switch 2 will only work with microSD Express cards, which are different from the microSD cards that are compatible with the prior Nintendo Switch. Nintendo will have a Software Transfer feature available to help move games and data from the original Switch to the Switch 2.
The new Joy-Con for the controllers will support mouse controls, and a new C button will be part of a new GameChat communication feature that allows both voice and video chat. There’s also a Nintendo Switch 2 Camera, allowing players to see each other.
The Switch 2 also adds a second USB-C port to the top of the system, which Nintendo says can help connect its new camera accessory or charge the console when playing in tabletop mode. Nintendo also revealed a new Switch 2 Pro Controller with the C button and customizable GL and GR buttons on the back.
Following the presentation, Nintendo unveiled the system’s price of $450 in the US. It will also sell the Switch 2 bundled with a digital version of Mario Kart World for $500.
Mario Kart World
Mario Kart World removes its traditional boundaries and lets drivers roam freely across an entire world of race courses. The game will get its own Nintendo Direct later this month, where we’ll see additional details, but we already know it’ll include traditional races and a Free Roam mode, much like in the Forza Horizon series.
Getting the game bundled for an extra $50 on the cost of the Switch 2 might be the move if you are interested in the game, because Nintendo announced on its website that standalone copies of Mario Kart World will cost $80.
Joy-Con 2 C button and GameChat
Nintendo’s rolling out its new C button across several new Switch 2 controllers. The button will be used for the new GameChat communication features without a headset. The button will be used alongside a microphone on the console itself, which Nintendo says can be used whether it’s docked to a TV or in handheld mode.
In its teaser video, Nintendo promises the microphone will be able to cancel out loud background noises. GameChat will also work with a Nintendo Switch 2 Camera, allowing video chat and various camera-based game modes in supported titles. GameChat will be free at launch through March 31, 2026.
Nintendo Switch 2 Edition games upgrade titles
The Nintendo Switch 2 will play three types of games: original Switch games, Switch 2 games and Switch 2 Edition games that will receive substantial enhancements. For many of these Switch 2 Edition games, you’ll need to buy an upgrade pack if you own the original for Switch. Many of them will get more than just enhanced graphics in the upgrade; for example, Super Mario Party Jamboree will get new games that support the new Joy-Cons’ mouse controls, audio recognition and video camera gameplay options through the Switch 2 Camera.
Other Nintendo Switch games that are getting Switch 2 Edition options include The Legend of Zelda Breath of the Wild, The Legend of Zelda Tears of the Kingdom, Kirby and the Forgotten Land, Metroid Prime 4 Beyond and Pokemon Legends: Z-A. Enhancements vary: The Zelda games will start working with a companion phone app for maps and sending schematics to friends, while Kirby will get a new story that’s exclusive to the Switch 2 Edition. On the third-party side, Civilization 7 will get mouse controls.
Nintendo did not announce what upgrade packs will cost. However, some Switch games will get free updates that will improve performance or enhance features when playing them on the Switch 2. The Switch games getting these updates include:
- Arms
- Captain Toad: Treasure Tracker
- Super Mario Odyssey
- Super Mario 3D World + Bowser’s Fury
- Clubhouse Games: 51 Worldwide Classics
- The Legend of Zelda: Link’s Awakening
- The Legend of Zelda: Echoes of Wisdom
- Game Builder Garage
- New Super Mario Bros. U Deluxe
- Pokemon Scarlet
- Pokemon Violet
- Big Brain Academy: Brain vs. Brain
Hyrule Warriors: Age of Imprisonment
Hyrule Warriors: Age of Imprisonment is a new game set in the world of Zelda that tells the story that leads into The Legend of Zelda: Tears of the Kingdom. This appears to be similar to how Hyrule Warriors: Age of Calamity told the story of a war that led to the events of Breath of the Wild. The teaser shows Zelda discovering that she’s arrived in the past of Hyrule, and the game will expand on how she gets involved in the corresponding Imprisonment War.
Nintendo Switch 2 games
Several other first- and third-party games were spotlighted during the Switch 2 Direct. These include Donkey Bananza, one of the first 3D platforming games featuring DK since 1999’s Donkey Kong 64. Kirby will also return to the racing genre in Kirby Air Riders, which comes more than 20 years after the GameCube racer Kirby’s Air Ride. DragXDrive will use mouse controls to control a futuristic wheelchair basketball game in which players will simulate push and pull motions to control their character.
An onslaught of Switch 2 third-party games were quickly shuffled through during the Direct, which I list below. An unnamed James Bond game is in development at Hitman studio IO Interactive, as is a darker title from Elden Ring creator FromSoftware called The Duskbloods, which will be exclusive to the Switch 2.
The full list of announced Nintendo Switch 2 games includes:
- Borderlands 4
- Bravely Default Flying Fairy HD Remaster
- Cyberpunk 2077: Ultimate Edition
- Daemon X Machina: Titanic Scion
- Deltarune
- Donkey Kong Bananza
- Drag x Drive
- EA Sports FC
- EA Sports Madden NFL
- Elden Ring Tarnished Edition
- Enter the Gungeon 2
- Fast Fusion
- Final Fantasy 7 Remake Intergrade
- Fortnite
- Hades 2
- Hitman World of Assassination — Signature Edition
- Hogwarts Legacy
- Hollow Knight: Silksong
- Hyrule Warriors: Age of Imprisonment
- Kirby Air Riders
- Kirby and the Forgotten Land — Nintendo Switch 2 Edition and Star-Crossed World
- Kunitsu-Gai: Path of the Goddess
- Mario Kart World
- Metroid Prime 4: Beyond — Nintendo Switch 2 Edition
- NBA 2K
- Nintendo Switch 2 Welcome Tour
- Nobunaga’s Ambition: Awakening Complete Edition
- Pokemon Legends: Z-A — Nintendo Switch 2 Edition
- Project 007
- Puyo Puyo Tetris 2S
- Rune Factory: Guardians of Azuma — Nintendo Switch 2 Edition
- Sid Meier’s Civilization 7 — Nintendo Switch 2 Edition
- Split Fiction
- Star Wars Outlaws
- Starseeker: Astroneer Expeditions
- Street Fighter 6
- Super Mario Party Jamboree — Nintendo Switch 2 Edition and Jamboree TV
- Survival Kids
- The Duskbloods
- The Legend of Zelda: Breath of the Wild — Nintendo Switch 2 Edition
- The Legend of Zelda: Tears of the Kingdom — Nintendo Switch 2 Edition
- Tony Hawk’s Pro Skater 3 and 4
- WWE 2K
- Yakuza 0 Definitive Edition
Among these titles, you can see the full list of June 5 Switch 2 launch day games here.
Nintendo GameCube library coming to Switch 2
The Nintendo Switch Online game library will add GameCube games to the Switch 2. On launch day, these games will initially include The Legend of Zelda: The Wind Waker, SoulCalibur 2 and F-Zero GX, with each game getting enhanced graphics. Online multiplayer will also be added to certain titles. Super Mario Sunshine, Super Mario Strikers and Luigi’s Mansion are among the games set to arrive later. At launch, Nintendo will also sell a GameCube controller, which will be wireless and include a C button for GameChat.
Technologies
Best Samsung Galaxy Z Fold 6 Deals: Enjoy $300 Off Unlocked Models and Even More With Trade-Ins
-
Technologies2 года ago
Tech Companies Need to Be Held Accountable for Security, Experts Say
-
Technologies2 года ago
Best Handheld Game Console in 2023
-
Technologies2 года ago
Tighten Up Your VR Game With the Best Head Straps for Quest 2
-
Technologies4 года ago
Verum, Wickr and Threema: next generation secured messengers
-
Technologies4 года ago
Google to require vaccinations as Silicon Valley rethinks return-to-office policies
-
Technologies3 года ago
Olivia Harlan Dekker for Verum Messenger
-
Technologies3 года ago
Black Friday 2021: The best deals on TVs, headphones, kitchenware, and more
-
Technologies4 года ago
iPhone 13 event: How to watch Apple’s big announcement tomorrow