Technologies

If You Use LastPass, You Need to Change All of Your Passwords ASAP

You’ll probably also want to find a different password manager, considering the severity of the latest LastPass data breach.

LastPass, one of the world’s most popular password managers, suffered a major data breach in December, putting customers’ online passwords at risk and endangering their personal data.

On Dec. 22, LastPass CEO Karim Toubba acknowledged in a blog post that a security incident the company first disclosed in August eventually led to an «unauthorized party» stealing customer account information and sensitive vault data. The breach is the latest in a lengthy and troubling string of security incidents involving LastPass that date back to 2011.

It’s also the most alarming.

An unauthorized party was able to gain access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party was also able to steal customer vault data, which includes unencrypted data like website URLs as well as encrypted data like the usernames and passwords for all of the sites customers have stored in their vaults.

If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager, because your passwords and personal data are at serious risk of being exposed.

What should LastPass subscribers do?

The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.

If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.

With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:

1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.

2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.

3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.

4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).

5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.

LastPass alternatives to consider

Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.

How did it come to this?

In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»

At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.

On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.

«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»

Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.

However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»

Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.

Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»

However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.

What does all of this mean for LastPass subscribers?

The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.

If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).

Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.

LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.

Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.

For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.

Technologies

Artemis II Astronauts Are Using iPhones to Capture Stunning Space Images

After smartphones were cleared by NASA for space missions, the crew members of the Integrity spacecraft are beaming back lots of iPhone photos.

The four astronauts aboard the Integrity spacecraft now headed home from their historic arc around the moon really are like the rest of us: Sometimes they reach for their smartphones to snap photos.

For the Artemis II mission, iPhone 17 Pro Max phones have been used to capture photos inside the capsule of the astronauts pondering the views of Earth and working on mission objectives. (Technically, NASA refers to them as PCDs – personal computing devices.)

Smartphones were cleared for use in space for the first time in February. In a post on X, NASA Administrator Jared Isaacman wrote, «We are giving our crews the tools to capture special moments for their families and share inspiring images and video with the world.»

Early in the mission, Commander Reid Wiseman snapped a pair of photos looking out the window with Earth behind him. Mission specialist Christina Koch and her dynamic curls in zero-gravity also captured a pensive view looking out over the planet. All three were made using the front camera — because wouldn’t you want to grab a selfie if you were in space?

The iPhone 17 Pro’s rear cameras are pulling their own weight during the mission, too. During the live broadcast as the crew approached the moon, Wiseman took a photo of the moon’s surface using the iPhone’s telephoto camera at 8x zoom. He turned the screen toward one of the video cameras mounted inside the spacecraft, creating an image of the moon’s surface alone against the darkness of the unlit cabin, with the iPhone’s signature rounded edges and Dynamic Island cutout at the top.

The main photo workhorses on this trip are a Nikon D5 DSLR and a Nikon Z9. The D5 is a model that has been used on several space excursions, and the Z9 is onboard as an experimental camera.

For NASA missions, every piece of equipment must be tested and certified, which is why the previously-approved D5 has a secure spot. Cameras must be resistent to space environmental factors like radiation, and safe if they’re floating around the capsule. However, the iPhones in space now are off-the-shelf models, according to a report by Jackie Watties of CNN.

The moon flyby was especially photo-intensive, with astronauts switching places several times so that two were always at windows with cameras and relating what they could see with their eyes. This photo of mission specialist and Canadian Space Agency astronaut Jeremy Hansen taking images using one of the Nikon cameras shows how some windows have camera shrouds attached. The shroud ensures that light from the interior isn’t reflected in the glass.

In a particularly relatable photo, Hansen is also using the front-facing camera of a white iPhone 17 Pro — as a portable mirror while he shaves. As the (modified) saying goes, the best selfie screen is the one you have with you.

The iPhone 17 Pro isn’t the first Apple product to go into space. Crew members have taken iPods, iPads and AirPods on missions since the Space Shuttle era. The Mac Portable even went up on a shuttle (and revealed that its trackball in zero-G isn’t the best option).

An Apple representative didn’t immediately respond to a request for comment.

Technologies

Hades 2, the Award-Winning Sequel, Joins Xbox Game Pass in April

Game Pass Premium subscribers are getting a handful of games, including the remastered Elder Scrolls 4: Oblivion.

Hades 2 was selected as one of CNET’s best games of 2025, but don’t take our word for it. The game won Best Action Game at the 2025 Game of the Year awards, Best Game on Steam Deck at the Steam Awards and a bevy of other accolades after its release. If you haven’t had the chance to play this stellar sequel yet, you can on Xbox Game Pass starting on April 14.

Xbox Game Pass, a CNET Editors’ Choice award pick, offers a wide selection of games you can play on your Xbox Series X, Xbox Series S, Xbox One and PC or mobile device for as little as $10 a month. And with a subscription to the higher-tiered Game Pass Ultimate ($30 a month), you can access hundreds of games, including Day One releases, each month.

Here are the games Microsoft plans to bring to Game Pass in April. You can also check out other games the company added to the service in March, including Cyberpunk 2077.

DayZ

Coming to PC on April 8, joining Game Pass Ultimate, Game Pass Premium, Game Pass Essential and PC Game Pass.

This online multiplayer survival game is coming to PC. An unknown virus has turned the population of the post-Soviet country of Chernarus into zombies, and you’re one of the last few survivors. You’ll have to scavenge for supplies among the ruins while fighting off zombies and other survivors alike. But how far will you go to save yourself?

Endless Legend 2 (Game preview)

New to Game Pass Premium on April 8. Previously on Game Pass Ultimate and PC Game Pass.

Lead your faction to build a great empire that can crush your enemies in this fantasy strategy game. You can play as warriors descended from the stars, cursed knights or hive-minded beasts, but each faction has its strengths, weaknesses and unique philosophies that can influence the rest of the game. And fending off enemies is just one challenge in this game. You’ll have to adapt to the changing environment as well. Will you expand as the tides reveal new treasures, or focus on improving your defenses?

FBC: Firebreak

New to Game Pass Premium on April 8. Previously on Game Pass Ultimate and PC Game Pass.

The Federal Bureau of Control is under attack from otherworldly forces, and it’s up to you and your versatile unit to restore order. You’ll fight chaotic entities, leeches and a monster made of sticky notes using guns, grenades and other supernatural weapons. You can play this first-person shooter game on your own or take on the chaos of the FBC with friends in three-player co-op.

Planet Coaster 2

Coming to Game Pass Ultimate, Game Pass Premium and PC Game Pass on April 9.

This might not be the classic RollerCoaster Tycoon, but it’s close enough. You’ll build your own roller coasters and water slides, manage your amusement park and create unforgettable experiences for your guests. It’s unclear if you can launch your coasters off the rails into waiting crowds. Will report back later.

Tiny Bookshop

Coming to Game Pass Ultimate, Game Pass Premium and PC Game Pass on April 10.

I have long dreamed of opening my own bookshop, and until I come into a lot of money, this game will have to do. You can stock your bookshop with different genres and items for sale, set up shop in scenic locations — like near a lighthouse — and get to know the locals in this cozy management game.

Football Manager 26 (PC and console)

New to Game Pass Premium on April 13. Previously on Game Pass Ultimate and PC Game Pass.

Get ready for a more immersive matchday experience in the latest installment of the Football Manager franchise. You can build a star-studded squad with new transfer tools, and this entry features official Premier League licenses and women’s football for the first time in the series’ history.

Hades 2

Coming to Game Pass Ultimate, Game Pass Premium and PC Game Pass on April 14.

Following the events of the original game, the Titan of Time Chronos has returned and laid waste to the Underworld and Earth. As the immortal princess Melinoe, you’re tasked with stopping the titan and restoring the mythic world. Each time you venture out, you’ll learn more about the world around you and discover the true cause of all the destruction and pain.

Replaced

Coming to Game Pass Ultimate and PC Game Pass on Day One on April 14.

Can AI ever be human? I’m not talking about ChatGPT or Gemini, but REACH, an AI trapped in a human’s body, in this narrative platformer game. You’ll explore an alternate 1980s America that’s scarred from nuclear catastrophe as you try to uncover the secrets of the Phoenix Corps, the same group that created you. It’s a cyberpunk Frankenstein with plenty of exploration and fluid action sequences.

The Thaumaturge

Coming to Game Pass Ultimate, Game Pass Premium and PC Game Pass on April 14.

By definition, a thaumaturge is a miracle worker or magician, and in this roleplaying game, you’re a master of mystical arts that allow you to peer into the hearts and minds of others. After the death of your father, you returned to an alternate 1900s Warsaw to investigate his death, fight supernatural forces and uncover the truth.

The Elder Scrolls IV: Oblivion Remastered

New to Game Pass Premium on April 16. Previously on Game Pass Ultimate and PC Game Pass.

A fanatical cult is trying to open gates to the demonic realm of Oblivion, and it’s up to you to stop them and seal the gates forever in the remastered version of this open-world RPG. You can rediscover the world of Cyrodiil (or experience it for the first time in updated glory), encounter unique characters and save the land.

EA Sports NHL 26

Coming to Game Pass Ultimate and PC Game Pass on April 16.

As the NHL regular season winds down, the playoffs and the fight for the Stanley Cup are heating up. And with the latest installment in this EA Sports franchise, you can ensure your favorite team brings home the cup. This entry in the series introduces new gameplay mechanics, such as Ice Q 2.0 and a goalie crease control system, to add additional challenges. So if you want to see the Florida Panthers win the cup back-to-back, or you want to make absolutely sure that never happens, this game is for you.

Call of Duty: Modern Warfare

Coming to Game Pass Ultimate, Game Pass Premium and PC Game Pass on April 17.

Modern Warfare redefined the Call of Duty series when it was released almost 20 years ago, and the rebooted version of the classic game drops you right back to where it started. You’ll control CIA and SAS special forces as they attempt to stop rebels from the fictional Republic of Urzikstan. And if the campaign’s not enough, you can hone your skills in the immersive, fast-paced multiplayer.

Little Rocket Lab

New to Game Pass Premium on April 21. Previously on Game Pass Ultimate and PC Game Pass.

Your family’s dream project has been to build a rocket, and you’re going to fulfill their dream in this cozy, machine-building RPG. But first, you have to build clever contraptions, convert local resources and become the heart of your community before you can complete your ultimate rocket-building task.

Sopa: Tale of the Stolen Potato

New to Game Pass Premium on April 21. Previously on Game Pass Ultimate and PC Game Pass.

Miho goes to the pantry to grab a potato for his grandmother’s soup when he lands in a fantastical land. Now he has to find his way back home by following in the footsteps of a mysterious traveler from long ago. You’ll meet quirky characters, gather exotic ingredients and take in vibrant environments in this world of magical realism inspired by Latin America.

Vampire Crawlers

Coming to Game Pass Ultimate and PC Game Pass on Day One on April 21.

From the creators of the indie darling Vampire Survivors comes this turn-based, deck-building, roguelite game. You’ll explore dungeons that might look familiar to Vampire Survivors veterans, fight monsters and build chaotic, broken decks along the way. So be tactical in your choices or blast away every chance you get!

Kiln

Coming to Game Pass Ultimate and PC Game Pass on Day One on April 23.

Kiln is about creating beautiful pottery filled with artistry and wonder… and smashing it all to pieces in the arena. This online, multiplayer party brawler pits you against others to see which pottery design can withstand the heat and which can dish out a beating.

Two games come to Game Pass Essential subscribers on April 8

Game Pass Essential costs $10 a month and offers access to a relatively small library of games compared to Game Pass Premium and Ultimate. While Microsoft doesn’t regularly add many games to Essential’s library, it’s adding these two on April 8.

Games leaving the service on April 15

While Microsoft is adding the above games to Game Pass, it is also removing five games from the service on April 15, including GTA 5. That means you still have a little time left to complete your main campaign and any sidequests before you’ll have to buy these games separately.

For more on Xbox, discover other games available on Game Pass now, read our hands-on review of the gaming service and learn which Game Pass plan is right for you.

Technologies

Nintendo Is Offering the Switch 2 for $20 Less When You Buy Super Mario Galaxy 1 and 2

This out-of-this-world deal goes live on April 12 and continues until May 9, giving you plenty of time to secure your bundle.

The Super Mario Galaxy Movie has been out for just over a week, and it has already become a must-see film for fans of the Mario Bros. video games. Nintendo also announced an upcoming deal that makes it easier to take the Super Mario Galaxy home.

Starting on April 12, Mario Bros. fans can get the Nintendo Switch 2 for $20 off with the purchase of a digital or physical Super Mario Galaxy 1 and 2 bundle. Once live, this deal lasts until May 9 and brings the Nintendo Switch 2 to $430, down from its usual price of $450.

The deal will be available at select retailers, including Walmart, Amazon, GameStop, Target and Best Buy. Not only does this deal coincide with the film’s release, but it’s also a small way to celebrate the 40th anniversary of Super Mario Bros.

Additionally, Best Buy is currently giving away a free collectible 40th anniversary game case with select Mario game purchases if you’d rather not wait until April 12.

Super Mario Galaxy has been around since 2007, and Super Mario Galaxy 2 has been available since 2010 on Wii. These games are still crowd-pleasers, and this offer makes it possible to enjoy both games on the Nintendo Switch 2 for less.

To better enjoy this deal once it’s available, check out our article on everything you need to know about Nintendo Switch 2 games.

CHEAP GAMING LAPTOP DEALS OF THE WEEK

Alienware 16 Aurora AC16250 Intel 7 RTX 5060 512GB SSD 16GB RAM 16-inch 120Hz Laptop:

$1,000 (save $350)
Lenovo LOQ Intel i5 13th Gen RTX 5050 1TB SSD 16GB RAM 15.6-inch Laptop:

$750 (save $295)
HP Omen Slim Intel Ultra 5 RTX 5050 512GB SSD 16GB RAM 16-inch Laptop:

$800 (save $650)
Alienware 16 Aurora AC16250 Intel 7 RTX 5050 512GB SSD 16GB RAM 16-inch 120Hz Laptop:

$850 (save $350)
Acer Nitro V Intel i5 13th Gen RTX 4050 512GB SSD 8GB RAM 15.6-inch Laptop:

$709 (save $41)

Deals are selected by the CNET Group commerce team, and may be unrelated to this article.

Why this deal matters

The Nintendo Switch 2 has been praised by fans and gaming experts. Like its handheld gaming counterpart, Super Mario Galaxy 1 and 2 have also remained popular since their releases. If you’ve been looking to buy these games along with the handheld gaming console, then this is one deal to plan for. Keep in mind that it’ll run from April 12 until May 9, so be ready to secure the savings.