Technologies
If You Use LastPass, You Need to Change All of Your Passwords ASAP
You’ll probably also want to find a different password manager, considering the severity of the latest LastPass data breach.

LastPass, one of the world’s most popular password managers, suffered a major data breach in December, putting customers’ online passwords at risk and endangering their personal data.
On Dec. 22, LastPass CEO Karim Toubba acknowledged in a blog post that a security incident the company first disclosed in August eventually led to an «unauthorized party» stealing customer account information and sensitive vault data. The breach is the latest in a lengthy and troubling string of security incidents involving LastPass that date back to 2011.
It’s also the most alarming.
An unauthorized party was able to gain access to unencrypted subscriber account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party was also able to steal customer vault data, which includes unencrypted data like website URLs as well as encrypted data like the usernames and passwords for all of the sites customers have stored in their vaults.
If you’re a LastPass subscriber, the severity of this breach should have you looking for a different password manager, because your passwords and personal data are at serious risk of being exposed.
What should LastPass subscribers do?
The company didn’t specify how many users were affected by the breach, and LastPass didn’t respond to CNET’s request for additional comment on the breach. But if you’re a LastPass subscriber, you need to operate under the assumption that your user and vault data are in the hands of an unauthorized party with ill intentions. Though the most sensitive data is encrypted, the problem is that the threat actor can run «brute force» attacks on those stolen local files. LastPass estimates it would take «millions of years» to guess your master password — if you’ve followed its best practices.
If you haven’t — or if you just want total peace of mind — you’ll need to spend some serious time and effort changing your individual passwords. And while you’re doing that, you’ll probably want to transition away from LastPass, too.
With that in mind, here’s what you need to do right now if you’re a LastPass subscriber:
1. Find a new password manager. Given LastPass’ history with security incidents and considering the severity of this latest breach, now’s a better time than ever to seek an alternative.
2. Change your most important site-level passwords immediately. This includes passwords for anything like online banking, financial records, internal company logins and medical information. Make sure these new passwords are strong and unique.
3. Change every single one of your other online passwords. It’s a good idea to change your passwords in order of importance here too. Start with changing the passwords to accounts like email and social media profiles, then you can start moving backward to other accounts that may not be as critical.
4. Enable two-factor authentication wherever possible. Once you’ve changed your passwords, make sure to enable 2FA on any online account that offers it. This will give you an added layer of protection by alerting you and requiring you to authorize each login attempt. That means even if someone ends up obtaining your new password, they shouldn’t be able to gain access to a given site without your secondary authenticating device (typically your phone).
5. Change your master password. Though this doesn’t change the threat level to the stolen vaults, it’s still prudent to help mitigate the threats of any potential future attack — that is, if you decide you want to stay with LastPass.
LastPass alternatives to consider
- Bitwarden: CNET’s top password manager is a highly secure and open-source LastPass alternative. Bitwarden’s free tier allows you to use the password manager across an unlimited number of devices across device types. Read our Bitwarden review.
- 1Password: Another excellent password manager that works seamlessly across platforms. 1Password doesn’t offer a free tier, but you can try it for free for 14 days.
- iCloud Keychain: Apple’s built-in password manager for iOS, iPadOS and MacOS devices is an excellent LastPass alternative available to Apple users at no additional cost. iCloud Keychain is secure and easy to set up and use across all of your Apple devices. It even offers a Windows client, too, with support for Chrome and Edge browsers.
How did it come to this?
In August 2022, LastPass published a blog post written by Toubba saying that the company «determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.»
At the time, Toubba said that the threat was contained after LastPass «engaged a leading cybersecurity and forensics firm» and implemented «enhanced security measures.» But that blog post would be updated several times over the following months as the scope of the breach gradually widened.
On Sept. 15, Toubba updated the blog post to notify customers that the company’s investigation into the incident had concluded.
«Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident,» Toubba said. «There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.»
Toubba assured customers at the time that their passwords and personal data were safe in LastPass’s care.
However, it turned out that the unauthorized party was indeed ultimately able to access customer data. On Nov. 30, Toubba updated the blog post once again to alert customers that the company «determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.»
Then, on Dec. 22, Toubba issued a lengthy update to the blog post outlining the unnerving details regarding precisely what customer data the hackers were able to access in the breach. It was then that the full severity of the situation finally came to light and the public found out that LastPass customers’ personal data was in the hands of a threat actor and all of their passwords were at serious risk of being exposed.
Still, Toubba assured customers who follow LastPass’s best practices for passwords and have the latest default settings enabled that no further action on their part is recommended at this time since their «sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.»
However, Toubba warned that those who don’t have LastPass’s default settings enabled and don’t follow the password manager’s best practices are at greater risk of having their master passwords cracked. Toubba suggested that those users should consider changing the passwords of the websites they have stored.
What does all of this mean for LastPass subscribers?
The initial breach ended up allowing the unauthorized party to access sensitive user account data as well as vault data, which means that LastPass subscribers should be extremely concerned for the integrity of the data they have stored in their vaults and should be questioning LastPass’s capacity to keep their data safe.
If you’re a LastPass subscriber, an unauthorized party may have access to personal information like your LastPass username, email address, phone number, name and billing address. IP addresses used when accessing LastPass were also exposed in the breach, which means that the unauthorized party could also see the locations from which you used your account. And because LastPass doesn’t encrypt users’ stored website URLs, the unauthorized party can see all of the websites for which you have login information saved with the password manager (even if the passwords themselves are encrypted).
Information like this gives a potential attacker plenty of ammunition for launching a phishing attack and socially engineering their way to your account passwords. And if you have any password reset links stored that may still be active, an attacker can easily go ahead and create a new password for themselves.
LastPass says that encrypted vault data like usernames and passwords, secure notes and form-filled data that was stolen remains secured. However, if an attacker were to crack your master password at the time of the breach, they would be able to access all of that information, including all the usernames and passwords to your online accounts. If your master password wasn’t strong enough at the time of the breach, your passwords are especially at risk of being exposed.
Changing your master password now will, unfortunately, not help solve the issue because the attackers already have a copy of your vault that was encrypted using the master password you had in place at the time of the breach. This means the attackers essentially have an unlimited amount of time to crack that master password. That’s why the safest course of action is a site-by-site password reset for all of your LastPass-stored accounts. Once changed at the site level, that would mean the attackers would be getting your old, outdated passwords if they managed to crack the stolen encrypted vaults.
For more on staying secure online, here are data privacy tips digital security experts wish you knew and browser settings to change to better guard your information.
Technologies
Today’s NYT Mini Crossword Answers for Friday, July 4
Here are the answers for The New York Times Mini Crossword for July 4.

Looking for the most recent Mini Crossword answer? Click here for today’s Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles.
There are a few July 4-related clues in today’s Mini Crossword. Need answers? Read on. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.
The Mini Crossword is just one of many games in the Times’ games collection. If you’re looking for today’s Wordle, Connections, Connections: Sports Edition and Strands answers, you can visit CNET’s NYT puzzle hints page.
Read more: Tips and Tricks for Solving The New York Times Mini Crossword
Let’s get to those Mini Crossword clues and answers.
Mini across clues and answers
1A clue: Uncle ___
Answer: SAM
4A clue: It’s full of stars
Answer: SPACE
6A clue: It’s full of stripes
Answer: ZEBRA
7A clue: Month when the American Revolutionary War began
Answer: APRIL
8A clue: 4th of July sales promotions, e.g.
Answer: ADS
Mini down clues and answers
1D clue: Big brand of hummus
Answer: SABRA
2D clue: Foul-smelling
Answer: ACRID
3D clue: Breakfast, lunch and dinner
Answer: MEALS
4D clue: Singer who performed «All the Stars» at Kendrick Lamar’s Super Bowl halftime show
Answer: SZA
5D clue: Lively energy
Answer: PEP
Technologies
Act Fast to Save 15% on This Powerful CarbonMag Portable Charger
This Sharge charger can keep you powered on the go, and right now you don’t have to pay full price.

There’s nothing worse than your phone dying in the middle of the day, especially when finding an outlet means being stuck in an uncomfortable situation. MagSafe portable wireless chargers are a great fix for that, as they snap onto the back of your phone and charge it while you go about your day. One solid pick that won’t weigh your phone down like a brick is the CarbonMag MagSafe portable charger by Sharge. And right now it can be yours for less with this Prime Day deal.
Thanks to Prime Day, you can currently snag it for 15% off with the code QHUAPIWG at checkout — bringing the price down from $70 to just $59. That’s the same cost as the smaller 5,000mAh model, but this one gives you double the battery capacity for the same price.
This device is made out of carbon fiber, which makes it 40% lighter than your usual power banks and 80% more durable than chargers made with the materials normally used. It gets you a 10,000mAh battery capacity, enough to charge your devices multiple times throughout the day. You’ll enjoy up to 15W wireless charging, which can power an iPhone 15 from 0% to 55% in just 44 minutes.
Hey, did you know? CNET Deals texts are free, easy and save you money.
The charger also features ultrastrong (but safe) magnets that maintain a stable hold on your smartphone. You can use the built-in USB-C port for pass-through charging or to power another device at the same time. The only catch? We don’t know when the discount code expires, so you might want to hurry.
Why this deal matters
MagSafe wireless chargers can be a game-changer for anyone tired of juggling wires throughout the day. This deal gets you a slim, lightweight, yet powerful option at a $11 discount for a limited time. We recommend acting while you can.
Technologies
Save Up to $35 Off a Baseus Charging Station This July 4th and Stay Powered Up All Weekend
When USB ports aren’t enough, a Baseus charging station is what you need. Power all your gadgets with multiple well-spaced AC outlets and no clutter.

Keeping all your gear charged can be a job unto itself, and it gets more complicated when you have visitors. Whether you’re having guests this Fourth of July weekend or you just need a better charging solution for your family, a charging station could be the answer. But even the best charging stations can only share so many watts between devices, which is why the best charging stations from brands like Anker and Baseus not only feature multiple USB ports but also multiple AC outlets. AC outlets accommodate those few devices that still use proprietary chargers, and it lets you expand beyond the included 2-4 USB ports without sacrificing wattage when you need to top off everyone quickly before heading out.
The Fourth of July deals are bouncing into next week’s Amazon Prime Day to give us some of the best savings of the year a week early. Among the dozens of mobile accessories Baseus has on sale this holiday weekend is a trio of towers that can declutter your desk and keep everything you need ready and recharged. Available in 6-in-1, 7-in-1 for $65, and 10-in-1 varieties, these charging stations all offer two USB-C ports, at least one USB-A port and multiple AC outlets. Just note: You’ll need to clip the on-page coupon to get the lowest possible price.
For the best blend of power and ports, Baseus’ 100W 7-in-1 USB-C charging station can fast charge a laptop at 65W — full speed for all Chromebooks and many Windows laptops — while a phone and tablet each standard charge at 15W and still leave 5W for your smartwatch while your non-USB tech or your desk’s smart speaker can use the AC ports on both sides and the back of the tower. These towers are part power delivery chargers and part surge protectors with surge and lightning protection to keep your digital lifelines from frying should calamity strike.
The Baseus $35 10-in-1 desktop charging station model may sound like it’s the most powerful, but it only offers 35 watts to share between the two USB-C and USB-A ports, leaving the lion’s share of the station’s potential power to the six AC ports. This isn’t to say 35W between four ports is useless, but you’ll want to use those ports for lower-powered devices like recharging your smartwatch or wireless earbuds.
If you’re looking to charge multiple phones and tablets with those ports, you’re probably better off going with the 6-in-1 USB-C Charging Station at $50, which may only have three AC ports but features a retractable USB-C cable in addition to one standard USB-A and one USB-C port. Those three ports share 65W, meaning that you can charge both a phone and tablet at full speed rather than both getting middling speeds.
Why this deal matters
I use a 100W charging station like this at my desk and have another next to my couch for both me and my guests to keep our phones powered and ready. Being able to stick my 65W travel charger into one of the AC ports and fast charge four phones instead of two — well, one phone and my Chromebook — when I have people over and then swap it back to powering my oil diffuser or smart speaker once they’re gone is a godsend, and since the wall outlets are spread out across multiple sides of the tower instead of sandwiched next to each other in a line, I never have to worry about bulky plugs blocking out half my ports.
Because these charging stations double as surge protectors, you can also click their switch to power off and disconnect everything when severe weather comes, unlike standard charging stations you would have to unplug. Living in lightning capital of the U.S. makes this feature more important to me than most, but it can also be handy for parents wanting a one-click shut-off for all the kids’ consoles and computers.
We’re still days away from Prime Day, and deals like these will continue to drop through the next week, but these chargers are all within a few dollars of their lowest prices ever. We’ll watch for further price drops and competing deals throughout the holiday week, including Anker’s plethora of deals on chargers, speakers and smart home appliances.
-
Technologies2 года ago
Tech Companies Need to Be Held Accountable for Security, Experts Say
-
Technologies2 года ago
Best Handheld Game Console in 2023
-
Technologies2 года ago
Tighten Up Your VR Game With the Best Head Straps for Quest 2
-
Technologies4 года ago
Verum, Wickr and Threema: next generation secured messengers
-
Technologies4 года ago
Google to require vaccinations as Silicon Valley rethinks return-to-office policies
-
Technologies4 года ago
Black Friday 2021: The best deals on TVs, headphones, kitchenware, and more
-
Technologies4 года ago
Olivia Harlan Dekker for Verum Messenger
-
Technologies4 года ago
iPhone 13 event: How to watch Apple’s big announcement tomorrow