Connect with us

Technologies

What LastPass Subscribers Need to Do After the Latest Breach

It’s time for LastPass subscribers to find a different password manager after the latest data breach.

LastPass, a popular password manager, has suffered a major data breach, compromising customers’ personal information and putting their online passwords at risk.

In late December, LastPass CEO Karim Toubba acknowledged in a blog post that a security incident the company disclosed in August had eventually led to an unauthorized party stealing customer account information and sensitive vault data. The breach is the latest in a lengthy and troubling string of security incidents involving LastPass that date back to 2011.

It’s also the most alarming.

An unauthorized party was able to gain access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party was also able to steal a copy of customer vault data, which includes unencrypted data like website URLs and encrypted data like the usernames and passwords for all the sites customers have stored in their vaults.

If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager, because your passwords and personal data are at serious risk of being exposed.

What should LastPass subscribers do?

The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.

If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.

With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:

1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.

2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.

3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.

4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).

5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.

LastPass alternatives to consider

  • Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
  • 1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
  • iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.

How did it come to this?

In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»

At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.

On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.

«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»

Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.

However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»

Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.

Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»

However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.

What does all of this mean for LastPass subscribers?

The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.

If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).

Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.

LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.

Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.

For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.

Technologies

Verum Messenger introduces Verum Mail integration in the latest update

Verum Messenger introduces Verum Mail integration in the latest update

The Verum team continues to expand its ecosystem of secure digital solutions. The latest update of Verum Messenger brings full integration with Verum Mail — a tool for instant and fully anonymous email communication.

Now, users can generate temporary email addresses directly within the messenger — no registration, no passwords, no extra steps. The integration enables real-time message delivery, attachments, receiving and composing emails, and automatic deletion of emails after 1 hour.

What’s new:

  • Verum Mail integration in the messenger interface
  • One-tap temporary email creation
  • Real-time email delivery and viewing
  • Reply to emails without leaving the app
  • Full privacy: no account linking or data storage
  • File attachments: Send and receive files

Verum Mail compatible with all major email services — send and receive emails from iCloud, Gmail, Proton Mail, etc.

Verum Messenger + Verum Mail means a new level of privacy, where your messages and emails work together — fast, secure, and truly private.

This update is now available for all Verum Messenger users.

Continue Reading

Technologies

Today’s NYT Connections: Sports Edition Hints and Answers for April 12, #201

Hints and answers for the NYT Connections: Sports Edition puzzle, No. 201, for Saturday, April 12.

Looking for the most recent regular Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle and Strands puzzles.


Connections: Sports Edition is still the toughest NYT puzzle for me every day. Sometimes, the topics feel like a bit of a reach as far as sports go, and today’s yellow group is a good example. The purple group is a good reminder that some athletes have names that are also regular words, so they can trick you. Read on for hints and the answers.

Connections: Sports Edition is out of beta now, making its debut on Super Bowl Sunday, Feb. 9. That’s a sign that the game has earned enough loyal players that The Athletic, the subscription-based sports journalism site owned by the Times, will continue to publish it. It doesn’t show up in the NYT Games app but now appears in The Athletic’s own app. Or you can continue to play it free online.  

Read more: NYT Connections: Sports Edition Puzzle Comes Out of Beta

Hints for today’s Connections: Sports Edition groups

Here are four hints for the groupings in today’s Connections: Sports Edition puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Think Nike.

Green group hint: En garde!

Blue group hint: Wonderboy in The Natural.

Purple group hint: Hoopster stars.

Answers for today’s Connections: Sports Edition groups

Yellow group: Parts of a sneaker.

Green group: Fencing terms.

Blue group: Baseball bat materials.

Purple group: Last four WNBA finals MVPs.

Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words

What are today’s Connections: Sports Edition answers?

The yellow words in today’s Connections

The theme is parts of a sneaker. The four answers are eyelet, laces, sole and tongue.

The green words in today’s Connections

The theme is fencing terms. The four answers are epee, foil, piste and sabre.

The blue words in today’s Connections

The theme is baseball bat materials. The four answers are aluminum, ash, birch and maple.

The purple words in today’s Connections

The theme is last four WNBA MVPs. The four answers are Copper, Gray, Jones and Wilson.

Continue Reading

Technologies

Love ‘Black Mirror’? You Can Play the Actual Game From the Episode ‘Plaything’ Now

The throng needs you.

Netflix launched the seventh season of Black Mirror on Thursday, and alongside it the streaming giant released a mobile game called Thronglets, a tie-in game for the episode Plaything. Thronglets is different from other Netflix tie-in games, like Too Hot to Handle. Thronglets is a game within the Black Mirror universe that’s central to the plot of Plaything, not just a game based on Black Mirror.

By letting people play the game that characters in the series play, Netflix has opened up a new avenue for people to interact with and experience the stories the service is telling. After I watched the episode Plaything and played the game, I thought, «Is this a joke? Where are the cameras?» 

The whole experience made me feel uneasy. Surely that’s the point, because I can see myself getting lost in Thronglets. Not to the extent that the main character in Plaything does, but enough to make me heed the push alerts the game sends to my iPhone when the Thronglets ask for help. 

Thronglets is a game within Black Mirror that you can actually play

Black Mirror’s episode Plaything is a tragedy that follows the yearslong downward spiral of game journalist Cameron Walker (played by Lewis Gribben and Peter Capaldi). In his younger years, he becomes engrossed with an in-universe, yet-to-be-released game called — you guessed it — Thronglets. We meet Walker years later when he’s recounting to the police how he’s dedicated his life to the game.

The in-episode game was developed by the fictitious game developer Colin Ritman (Will Poulter) and the company Tuckersoft, from the interactive Black Mirror: Bandersnatch movie Netflix released in 2018.

Ritman describes the Thronglets as the first creatures in history whose biology is entirely digital, and these creatures are capable of learning and expanding. This leads to devastating consequences for Walker and those around him.

Netflix’s game mimics that experience, letting you play it and raise a single Thronglet to a vast and expanding society. Thus, you can become engrossed with the digital creatures like Walker does in the show. And the game and episode work together to deliver a deeper storytelling experience. 

Here’s how to get started with Thronglets on Netflix Games, and what you should know about the game.

What are Thronglets?

In the game, they’re yellow creatures with a single antenna and large ears who reproduce by mitosis — they split into two whole and complete Thronglets. However, the very first Thronglet is hatched from an egg, and in the game, you have to tap the egg to get it to hatch.

Can you control the Thronglets?

You can’t. As Ritman says in Plaything, «They’re not some obscene puppets like Sonic the Hedgehog.» The Thronglets wander around and interact with things on their own, but you aren’t just watching them in the game. 

Thronglets are kind of like Tamagotchis in that they require food, amusement and cleanliness. You provide these things to the Thronglets by dropping digital apples and beach balls onto the screen or scrubbing a Thronglet with virtual soap and sponge. 

You can tap on individual Thronglets to see if they need food, amusement or a bath, as represented by three bars labeled Fed, Amused and Clean. If each of these bars is full, the Throng is happy. But if Fed is low, for instance, you can give the Thronglet an apple by dropping one near it, and it’ll eat the apple. Similarly, if Amused is low, drop a beach ball near the Thronglet and watch it kick the ball across the screen for fun.

Sometimes a Thronglet will display a speech bubble with an apple or a beach ball to tell you what it wants. Other times, the Thronglet will appear visibly dirty and in need of a bath. Occasionally, a Thronglet will squat down and seem to cry — which is sad to see, and I just want to give it a hug.

If you don’t meet a Thronglet’s needs, it’ll die, eventually decomposing till there’s nothing left but bones. 

The Thronglets can also talk to you. They’ll ask you questions and suggest how you should proceed, such as using Thronglet bones to construct a bridge to another landmass.

Wait… what?

Yeah, it’s a pretty gruesome suggestion. But this leads into another aspect of the game. You’re not only caring for the Thronglets’ basic needs, you’re also teaching them how to behave toward one another.

The Thronglets will ask you questions like, What is power? and, What is love? and you’ll be presented with two responses to choose from. Later in the game, when the Thronglets are beginning to industrialize, they’ll ask you whether they should sleep in their homes as much, or work more. You can respond however you want, but it’s important to remember the Thronglets see you as an all-powerful entity and will do whatever you say. 

So when I told the Thronglets not to work so hard and to sleep as much as they needed, they took my advice to heart, resulting in slower resource growth. But they appeared happier.

And that seems to be the result involved with many of the choices the Thronglets present you with — whether you accumulate resources more or less quickly. Most of the options I chose were more peaceful, like not using bones to construct a bridge, and thus resulted in slower production. But those choices never stopped or stalled the game. I tried to pick the kinder approach every chance I got — I can’t bring myself to do an evil run of any game.

Your actions also influence how the Thronglets see you. Once, I accidentally killed a Thronglet with a chain saw when I was cutting down some trees. From that action, a box appeared on the screen to let me know this taught the Thronglets that tools can be dangerous. It’s unclear whether these instances have any effect on the game other than some comic relief, but I still tried to minimize future accidental deaths or workplace mishaps. 

After each stage, you’ll see a screen with different stats, like how many Thronglets died. You’ll also see observations the Thronglets made about you during the stage. Once, the Thronglets noted that I taught them Shakespeare — which made my English-major heart very proud.

What’s the goal of Thronglets?

That’s a great question. For me, my goal was to help the Thronglets in whatever way I could. Sometimes that meant building them a theater for entertainment or cleaning up toxic waste and pollution to keep them healthy. Other times, it meant shooting them into the abyss of space or nuking their land so they could progress — I swear, they insisted these were the right things to do. 

But since it’s unclear how my choices affected the game and the upbringing of the Thronglets, it’s possible the goal is to get the Thronglets to progress as fast as possible. That would potentially mean making far more Thronglet sacrifices for the greater good.

But like Ritman asks in Plaything, «Why do you need a goal?»

Anything else interesting about the game?

The most interesting thing about Thronglets doesn’t have anything to do with the game itself, but with how Netflix is using different forms of media to tell intertwining stories. 

When Netflix released Black Mirror: Bandersnatch in 2018, that was the service’s first step into interactive films — which some people consider video games. The streaming service then pushed into gaming in 2021, and since then it’s turned some of its most popular series, like Squid Game, into mobile games. 

But Thronglets isn’t just a game based on a series. Characters in Black Mirror interact with this game, and then we can put ourselves in the characters’ shoes by playing the same game in the real world. The game represents another step in Netflix’s creation of more immersive storytelling through games and other media, not just films and TV series.

When I started playing Thronglets after watching the Black Mirror episode Plaything, I felt weirded out. Interacting with this piece of media that has dire consequences in the show tricked me into thinking I was playing with fire. I know the game is just a game, but it felt like playing was in some way dangerous. I know how irrational that sounds. 

I also couldn’t help but feel that while I was playing this game, I was isolating myself from others, like Walker does in the show. Walker begins to neglect the world around him to care for the Thronglets, and I’d spend time playing the game and ignoring the world around me, too. Granted, I didn’t get arrested for the little yellow guys — but I also didn’t take drugs to communicate with them.

The game didn’t make me more sympathetic toward Walker. He was scared of the world and said early in the episode that games are a kind of escapism. Maybe the game and episode are working in tandem to refute that. Maybe they’re trying to say that even if we find solace in games like Thronglets because the outside world is scary, we still might encounter something just as grisly in games, like a bridge made of bones.

I can see Netflix making more game tie-ins like this in the future to deepen the level of storytelling the service offers. And I’m looking forward to whatever the next tie-in is — maybe one of the arcade games from Stranger Things?

Here’s how to access this game, and more

Accessing Netflix Games on iOS and Android devices is a little different. But you have to subscribe to Netflix ($8 a month) for each.

Here’s how to access games on iOS if you’re a subscriber.

1. Download the Netflix app onto your iPhone or iPad.
2. Open the Netflix app.
3. Tap your profile and sign in to your account.
4. Tap Home at the bottom of your screen.
5. Scroll down your homepage until you see the Mobile Games carousel.
6. Tap into a game to learn more about it.
7. Tap Get Game to download a game you’re interested in. 

Here’s how to access Netflix Games on Android if you’re a subscriber.

1. Download the Netflix app onto your Android device.
2. Open the Netflix app.
3. Tap your profile and sign in to your account.
4. Tap Games at the bottom of your screen.
5. Tap into a game to learn more about it.
6. Tap Get Game to download a game you’re interested in. 

You can also search for games in the Netflix app by tapping the magnifying glass in the top right corner of the app and entering the game’s name.

After you tap Get Game, a pop-up from either Apple’s App Store or the Google Play Store will open, asking if you want to download the game. After you confirm that action, the game will download on your device, like other apps. 

For more on Netflix Games, here’s what to know about the first MMO coming to the service, and what to know about playing Hades and the Grand Theft Auto series on Netflix.

Continue Reading

Trending

Copyright © Verum World Media