Technologies
If You Use LastPass, You Need to Change All of Your Passwords ASAP
You’ll probably also want to find a different password manager, considering the severity of the latest LastPass data breach.

LastPass, one of the world’s most popular password managers, suffered a major data breach in December, putting customers’ online passwords at risk and endangering their personal data.
On Dec. 22, LastPass CEO Karim Toubba acknowledged in a blog post that a security incident the company first disclosed in August eventually led to an «unauthorized party» stealing customer account information and sensitive vault data. The breach is the latest in a lengthy and troubling string of security incidents involving LastPass that date back to 2011.
It’s also the most alarming.
An unauthorized party was able to gain access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party was also able to steal customer vault data, which includes unencrypted data like website URLs as well as encrypted data like the usernames and passwords for all of the sites customers have stored in their vaults.
If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager, because your passwords and personal data are at serious risk of being exposed.
What should LastPass subscribers do?
The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.
If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.
With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:
1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.
2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.
3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.
4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).
5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.
LastPass alternatives to consider
- Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
- 1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
- iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.
How did it come to this?
In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»
At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.
On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.
«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»
Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.
However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»
Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.
Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»
However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.
What does all of this mean for LastPass subscribers?
The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.
If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).
Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.
LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.
Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.
For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.
Technologies
For CNET’s Daily Tariff Price Impact Tracker, I’m Watching 11 Key Products for Inflation
With the reality of tariff-driven inflation arriving in earnest, it’s more important than ever to keep tabs on the prices that most impact you.
The question of how new tariffs will affect prices is more relevant than ever, with President Donald Trump punting another major deadline down the road and a new Consumer Price Index summary showing that the inflation rate was 2.7% in June, the biggest jump since February. It’s enough to get anyone concerned about affordability in the US, as if we all weren’t worrying about it already.
To help manage those worries, I’ve been tracking prices every day for 11 key products likely to be hit by price increases from tariffs, and the answer I’ve come to so far is this: Not so much, at least not yet. The winding road of tariff inflation still stretches before us into an uncertain future, so the threat of price hikes continues to cloud the horizon.
To date, I’ve seen two noteworthy price increases, one for the Xbox Series X and the other for a popular budget-friendly 4K TV. Some other products have gone on sale for brief periods. Notably, other outlets have caught a number of major retailers hiking prices across the board, with CNBC finding some substantial inflation at Walmart specifically.
CNET Tariff Tracker Index
Above, you can check out a chart with the average price of the 11 products included in this piece over the course of 2025. This will help give you a sense of the overall price changes and fluctuations going on. Further down, you’ll be able to check out charts for each individual product being tracked. Based on the numbers so far, the average has gone up noticeably since the start of the year, but this has been driven mostly be a big shifts for a few products, as most price are still stable.
We’ll be updating this article regularly as prices change. It’s all in the name of helping you make sense of things, so be sure to check back every so often. For more, check out CNET’s guide to whether you should wait to make big purchases or buy them now and get expert tips about how to prepare for a recession.
Methodology
We’re checking prices daily and will update the article and the relevant charts right away to reflect any changes. The following charts show a single bullet point for each month, with the most recent one labeled «Now» and showing the current price. For the past months, we’ve gone with what was the most common price for each item in the given month.
In most cases, the price stats used in these graphs were pulled from Amazon using the historical price-tracker tool Keepa. For the iPhones, the prices come from Apple’s official materials and are based on the 128-gigabyte base model of the latest offering of the iPhone 16. For the Xbox Series X, the prices were sourced from Best Buy using the tool PriceTracker. If any of these products happen to be on sale at a given time, we’ll be sure to let you know and explain how those price drops differ from longer-term pricing trends that tariffs can cause.
The 11 products we’re tracking
Mostly what we’re tracking in this article are electronic devices and digital items that CNET covers in depth, like iPhones and affordable 4K TVs — along with a typical bag of coffee, a more humble product that isn’t produced in the US to any significant degree.
The products featured were chosen for a few reasons: Some of them are popular and/or affordable representatives for major consumer tech categories, like smartphones, TVs and game consoles. Others are meant to represent things that consumers might buy more frequently, like printer ink or coffee beans. Some products were chosen over others because they are likely more susceptible to tariffs. Some of these products have been reviewed by CNET or have been featured in some of our best lists.
- iPhone 16, 128GB
- Duracell AA batteries, 24-pack
- Samsung DU7200 65-inch TV
- Xbox Series X
- Apple AirPods Pro 2 with USB-C case
- HP 962 CMY Printer Ink
- Anker 10,000-mAh, 30-watt power bank
- Bose TV speaker
- Oral-B Pro 1000 electric toothbrush
- Lenovo IdeaPad Flex 5i Chromebook, 256GB
- Starbucks 28-ounce ground dark roast coffee
Below, we’ll get into more about each individual product, and stick around till the end for a rundown of some other products worth noting.
iPhone 16
The iPhone is the most popular smartphone brand in the US, so this was a clear priority for price tracking. The iPhone has also emerged as a major focal point for conversations about tariffs, given its popularity and its susceptibility to import taxes because of its overseas production, largely in China. Trump has reportedly been fixated on the idea that the iPhone can and should be manufactured in the US, an idea that experts have dismissed as a fantasy. Estimates have also suggested that a US-made iPhone would cost as much as $3,500.
Something to note about this graph: The price listed is the one you’ll see if you buy your phone through a major carrier. If you, say, buy direct from Apple or Best Buy without a carrier involved, you’ll be charged an extra $30, so in some places, you might see the list price of the standard iPhone 16 listed as $830.
Apple’s been taking a few steps to protect its prices in the face of these tariffs, flying in bulk shipments of product before they took effect and planning to move production for the US market from China to India. A new Reuters report found that a staggering 97% of iPhones imported from the latter country, March through May, were bound for the US. This latter move drew the anger of Trump again, threatening the company with a 25% tariff if they didn’t move production to the US, an idea CEO Tim Cook has repeatedly shot down in the past. This came after Trump gave a tariff exemption to electronic devices including smartphones, so the future of that move seems in doubt now.
Duracell AA batteries
A lot of the tech products in your home might boast a rechargeable energy source but individual batteries are still an everyday essential and I can tell you from experience that as soon as you forget about them, you’ll be needing to restock. The Duracell AAs we’re tracking are some of the bestselling batteries on Amazon.
Samsung DU7200 TV
Alongside smartphones, televisions are some of the most popular tech products out there, even if they’re an infrequent purchase. This particular product is a popular entry-level 4K TV and was CNET’s pick for best overall budget TV for 2025. Unlike a lot of tech products that have key supply lines in China, Samsung is a South Korean company, so it might have some measure of tariff resistance.
After spending most of 2025 hovering around $400, this item has now seen some notable upticks on Amazon, most recently sitting around $450. This could potentially be in reaction to Trump’s announcement of 25% tariffs against South Korea this week.
Xbox Series X
Video game software and hardware are a market segment expected to be hit hard by the Trump tariffs. Microsoft’s Xbox is the first console brand to see price hikes — the company cited «market conditions» along with the rising cost of development. Most notably, this included an increase in the price of the flagship Xbox Series X, up from $500 to $600. Numerous Xbox accessories also were affected and the company also said that «certain» games will eventually see a price hike from $70 to $80.
Initially, we were tracking the price of the much more popular Nintendo Switch as a representative of the gaming market. Nintendo has not yet hiked the price of its handheld-console hybrid and stressed that the $450 price tag of the upcoming Switch 2 has not yet been inflated because of tariffs. Sony, meanwhile, has so far only increased prices on its PlayStation hardware in markets outside the US.
AirPods Pro 2
The latest iteration of Apple’s wildly popular true-wireless earbuds are here to represent the headphone market. Much to the chagrin of the audiophiles out there, a quick look at sales charts on Amazon shows you just how much the brand dominates all headphone sales.
HP 962 CMY printer ink
This HP printer ink includes cyan, magenta and yellow all in one product and recently saw its price jump from around $72 — where it stayed for most of 2025 — to $80, which is around its highest price over the last five years. We will be keeping tabs to see if this is a long-term change or a brief uptick.
This product replaced Overture PLA Filament for 3D printers in this piece, but we’re still tracking that item.
Anker 10,000-mAh, 30-watt power bank
Anker’s accessories are perennially popular in the tech space and the company has already announced that some of its products will get more expensive as a direct result of tariffs. This specific product has also been featured in some of CNET’s lists of the best portable chargers.
Bose TV speaker
Soundbars have become important purchases, given the often iffy quality of the speakers built into TVs. While not the biggest or the best offering in the space, the Bose TV Speaker is one of the more affordable soundbar options out there, especially hailing from a brand as popular as Bose.
Oral-B Pro 1000 electric toothbrush
They might be a lot more expensive than their traditional counterparts but electric toothbrushes remain a popular choice for consumers because of how well they get the job done. I know my dentist won’t let up on how much I need one. This particular Oral-B offering was CNET’s overall choice for the best electric toothbrush for 2025.
This product hasn’t seen its price budge one way or another most of the year, but while Prime Day might have come and gone, there’s still a $10 coupon listed on Amazon right now, letting you save a little bit of money for the time being.
Lenovo IdeaPad Flex 5i Chromebook
Lenovo is notable among the big laptop manufacturers for being a Chinese company making its products especially susceptible to Trump’s tariffs.
For now, its price has been largely unchanged in the last few months. You can, however, grab it on Amazon right now at a $20 discount, but we’ll have to see how long that actually lasts.
Starbucks Ground Coffee (28-ounce bag)
Coffee is included in this tracker because of its ubiquity —I’m certainly drinking too much of it these days —and because it’s uniquely susceptible to Trump’s tariff agenda. Famously, coffee beans can only be grown within a certain distance from Earth’s equator, a tropical span largely outside the US and known as the «Coffee Belt.»
Hawaii is the only part of the US that can produce coffee beans, with data from USAFacts showing that 11.5 million pounds were harvested there in the 2022-23 season — little more than a drop in the mug, as the US consumed 282 times that amount of coffee during that period. Making matters worse, Hawaiian coffee production has declined in the past few years.
All that to say: Americans get almost all of their coffee from overseas, making it one of the most likely products to see price hikes from tariffs. While this particular bag of beans from Starbucks hasn’t seen its price budge for most of the year, in recent days it ticked up by less than a dollar on Amazon, which could be a sign of further increases to come.
Other products
As mentioned, we occasionally swap out products with different ones that undergo notable price shifts. Here are some things no longer featured above, but that we’re still keeping an eye on:
- Nintendo Switch: The baseline handheld-console hybrid has held steady around $299 most places — including Amazon — since it released in 2017. Whether that price will be affected by tariffs or the release of the Switch 2 remains to be seen. This product was replaced above with the Xbox Series X.
- Overture PLA 3D printer filament: This is a popular choice on Amazon for the material needed to run 3D printers. It has held steady around $15 on Amazon all year. This product was replaced above by the HP 962 printer ink.
Here are some products we also wanted to single out that haven’t been featured with a graph yet:
- Razer Blade 18 (2025), 5070 Ti edition: The latest revision of Razer’s largest gaming laptop saw a $300 price bump recently, with the base model featured an RTX 5070 Ti graphics card now priced at $3,500 ahead of launch, compared to the $3,200 price announced in February. While Razer has stayed mum about the reasoning, it did previously suspend direct sales to the US as Trump’s tariff plans were ramping up in April.
- Asus ROG Ally X: The premium version of Asus’s Steam Deck competitor handheld gaming PC recently saw a price hike from $799 to $899, coinciding with the announcement of the company’s upcoming Xbox-branded Ally handhelds.
Technologies
Tea App Breach Exposes 72,000 Selfies, ID Photos and Other User Images
The images had been in a «legacy data system» that contained information from more than two years ago, the company says.

Tea, a women’s safety dating app that surged to the top of the free iOS App Store listings this week, has been the subject of a major security breach. The company confirmed Friday that it has «identified authorized access to one of our systems» that exposed thousands of user images.
According to Tea’s preliminary findings, the breach allowed access to approximately 72,000 images, broken down into two groups: 13,000 images of selfies and photo identification that people had submitted during account verification and 59,000 images that were publicly viewable in the app from posts, comments and direct messages.
Those images had been in a «legacy data system» that contained information from more than two years ago, the company said in statement. «At this time, there is no evidence to suggest that current or additional user data was affected.»
Earlier Friday, posts on Reddit and 404 Media reported that Tea app users’ faces and IDs had been posted on anonymous online message board 4chan.
Tea requires users to verify their identities with selfies or IDs, which is why driver’s licenses and pictures of people’s faces are in the leaked data.
The premise of Tea is to provide women with a space to report negative interactions they’ve had while encountering men in the dating pool, purportedly to keep other women safe. The app hit the No. 1 spot on Apple’s US App Store this week, drawing international attention and sparking a debate about whether the app violates men’s privacy. If the reports of a breach turn out to be true, it will also play into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users.
In the privacy section on its website, Tea says: «Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.»
Tea said it has launched a full investigation to assess the scope and impact of the breach.
Technologies
Invincible Vs Adds Fan-Favorite Battle Beast, and He’s Not Holding Back
The upcoming tag-team fighter gets a violent new trailer during San Diego Comic-Con 2025.

Invincible Vs is an upcoming tag-team fighting game revealed at the Xbox Games Showcase in June, based on Robert Kirkman’s Invincible comic and show. As San Diego Comic-Con is underway, it made sense for a new character to be revealed, and this one is quite the fighter.
Battle Beast is the latest addition to the Invincible Vs roster. The big, blue barbarian cat is quite the brute with his mace. He does some brutal damage, causing blood to splatter everywhere. His super combo exemplifies his violent nature as he sends his opponent far into the sky only to smash them into the ground, creating a rain of blood that he revels in.
Battle Beast joins the previously revealed characters for the game, including Invincible, Omni-Man, Atom Eve, Rex Splode, Bulletproof and two Viltrumites, Thula and Lucan.
Invincible Vs is the first game from developer Quarter Up and published by Skybound Games. Quarter Up is a new studio but members of the team created 2013’s Killer Instinct. As a tag game, players will form a three-person team and battle against other teams in a similar style to the Marvel vs. Capcom series. Characters can unleash long, powerful combos and tag in other team members to extend them. Each fighter also has their own super combo to deal massive damage.
The game takes place in Robert Kirkman’s Invincible universe, so expect to see more characters from the show and comics. Kirkman revealed Battle Beast during his panel at Comic-Con on Thursday.
There is an expected public demo of Invincible Vs next month at the Evolution Championship Series Aug. 1-3 in Las Vegas. The event brings the best fighting game players from around the globe to compete in various games. This event is also a time for new fighting games to be showcased so it’s likely that there will be playable versions for those in attendance, as well as a possible exhibition by pro players to show off the game.
Invincible Vs will be released sometime in 2026 for PC and Xbox Series consoles.
-
Technologies3 года ago
Tech Companies Need to Be Held Accountable for Security, Experts Say
-
Technologies2 года ago
Best Handheld Game Console in 2023
-
Technologies2 года ago
Tighten Up Your VR Game With the Best Head Straps for Quest 2
-
Technologies4 года ago
Verum, Wickr and Threema: next generation secured messengers
-
Technologies4 года ago
Google to require vaccinations as Silicon Valley rethinks return-to-office policies
-
Technologies4 года ago
Black Friday 2021: The best deals on TVs, headphones, kitchenware, and more
-
Technologies4 года ago
Olivia Harlan Dekker for Verum Messenger
-
Technologies4 года ago
iPhone 13 event: How to watch Apple’s big announcement tomorrow