Password manager fined after major data breach

Any data breach affecting 1.6 million people is serious. It draws even more attention when it involves a company trusted to guard passwords. That is exactly what happened to LastPass.

The UK Information Commissioner’s Office has fined LastPass about $1.6 million for security failures tied to its 2022 breach. Regulators say those failures allowed a hacker to access a backup database and put users at risk.

Why the LastPass breach still matters

LastPass is one of the most widely used password managers in the world. It serves more than 20 million individual users and around 100,000 businesses. That popularity also makes it an attractive target for cybercriminals.

The UK Information Commissioner’s Office fined LastPass for security failures tied to its 2022 breach.  (LaylaBird/Getty Images)

In 2022, LastPass confirmed that an unauthorized party accessed parts of its customer information through a third-party cloud storage service. While the incident initially raised alarms, the long-term impact has taken time to fully surface.

The ICO now says the breach affected about 1.6 million UK users alone. That scope played a major role in the size of the fine.

What regulators say went wrong

According to the ICO, LastPass failed to put strong enough technical and security controls in place. Those gaps made it possible for attackers to reach a backup database that should have been better protected.

The regulator added that LastPass promises to help people improve security, but failed to meet that expectation. As a result, users were left exposed even if their passwords were not directly cracked.

Were passwords exposed or decrypted?

There is still no evidence that attackers decrypted customer passwords. That point matters.

Despite the breach, security experts continue to recommend password managers for most people. Storing unique, strong passwords in an encrypted vault is still far safer than reusing weak passwords across accounts.

As one expert noted, modern breaches often succeed after identity access rather than password cracking alone. Once attackers get a foothold, the damage can spread quickly.

Although attackers accessed a backup database, there is no evidence that customer passwords were decrypted. (Kurt “CyberGuy” Knutsson)

Why the LastPass fine is a wake-up call for cybersecurity

The ICO called the LastPass fine a turning point. It reinforces the idea that security is about governance, staff training and supplier risk as much as software.

Users have a right to expect that companies handling sensitive data take every reasonable step to protect it.

Breaches may be inevitable, but weak safeguards are not.

LastPass on the UK data breach

We reached out to LastPass for comment on the UK fine, and a spokesperson provided CyberGuy with the following statement: 

“We have been cooperating with the UK ICO since we first reported this incident to them back in 2022. While we are disappointed with the outcome, we are pleased to see that the ICO’s decision has recognized many of the efforts we have already taken to further strengthen our platform and enhance our data security measures. Our focus remains on delivering the best possible service to the 100,000 businesses and millions of individual consumers who continue to rely on LastPass.”

How to protect yourself after a password manager breach

Breaches like this are a reminder that security requires layers. No single tool can protect everything on its own.

1) Use a strong password manager correctly

Keep using a reputable password manager. Set a long, unique master password and enable two-factor authentication. Avoid reusing your master password anywhere else.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

2) Rotate sensitive passwords

Change passwords for financial accounts, email accounts and work logins. Focus on services that could cause real damage if compromised.

3) Lock down your email

Your email account is the key to password resets. Use a strong password, two-factor authentication and recovery options you control. 

4) Reduce your exposed personal data

Data brokers collect and sell personal information that criminals use for targeting. A data removal service can help reduce what is publicly available about you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

The fine sends a warning to the entire cybersecurity industry. Companies that handle sensitive data must protect it with strong safeguards and oversight. (REUTERS/Andrew Kelly)

5) Watch for phishing attempts and use strong antivirus software 

After major breaches, scammers follow. Be cautious of emails claiming urgent account problems or asking for verification details. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Keep devices updated

Install updates for your operating system, browser and security tools. Many attacks rely on known vulnerabilities that updates already fix.

Kurt’s key takeaways

The fine against LastPass is about more than one company. It highlights how much trust we place in tools that manage our digital lives. Password managers remain a smart security choice. Still, this case shows why you should stay alert even when using trusted brands. Strong settings, regular reviews and layered protection matter more than ever. In the end, security works best when companies and users share the responsibility. Tools help, but habits and awareness finish the job.

Do you believe companies are doing enough to protect user data, or should regulators step in more often? Let us know by writing to us at Cyberguy.com.

Copyright 2025 CyberGuy.com.  All rights reserved.

A giant cell tower is going to space this weekend

This weekend’s scheduled Blue Origin rocket launch is rather momentous. Success would signal an end to SpaceX’s monopoly on reusable orbital launch vehicles, and set up a three-way race to make that “No Service” indicator on your phone disappear forever.

On Sunday morning, Jeff Bezos’ massive New Glenn rocket is scheduled to launch with the first-stage booster that launched and landed on the program’s second mission last November. It’s a critical test, because cost-effective booster reuse is what’s made SpaceX’s Falcon 9 so dominant.

Amazon desperately needs a reusable rocket of its own to accelerate its Leo launches. Without one, it’s only been able to launch 241 Leo satellites, putting it well behind schedule. In that same 12-month time period, SpaceX’s Falcon 9 rocket was able to deploy over 1,500 satellites to its Starlink constellation.

Sunday’s mission will carry AST SpaceMobile’s BlueBird 7 satellite to low Earth orbit. Instead of blanketing the region with thousands of small satellites like Amazon and SpaceX, AST’s plan is to deploy fewer satellites that are much more powerful. BlueBird 7 features a massive 2,400-square-foot phased-array antenna, making it the largest commercial communications array ever deployed in low Earth orbit. It’s essentially a cell tower in space, and will be the second of the company’s “Block 2” next-generation satellites to launch.

The BlueBird 7 is designed to provide 4G and 5G broadband, at speeds exceeding 120 Mbps, to the phones we already carry. AST plans to have 45 to 60 satellites launched by the end of 2026. When AST lights up its service sometime this year, it will be in direct competition with Starlink’s direct-to-cell service, already operating with T-Mobile in the US, and Globalstar, the satellite network snapped up by Amazon that keeps iPhones and Apple Watches communicating in dead zones.

New FBI warning reveals phishing attacks hitting private chats

You probably think your messages are safe. After all, apps like WhatsApp, Signal and Telegram promote strong encryption.

But a new warning from the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation shows that attackers do not need to break encryption at all.

Instead, they are going after you.

A new federal advisory says phishing campaigns tied to Russian intelligence are going after messaging app users instead of trying to break encryption. (MStudioImages/Getty Images)

What the FBI and CISA just revealed

According to the joint advisory, cyber actors tied to Russian intelligence are running large-scale phishing campaigns targeting messaging apps.

These attacks are not random. They have focused on high-value targets like government officials, military personnel and journalists. However, the tactics can easily spread to everyday users.

Here is the key takeaway: Hackers are not cracking the apps themselves. They are tricking people into giving up access. 

How these messaging app attacks actually work

This is where it gets interesting and a bit unsettling. Instead of breaking encryption, attackers use phishing to gain control of individual accounts. Once inside, they can:

  • Read private conversations
  • Access contact lists
  • Send messages as if they were you
  • Launch new scams targeting your contacts

It becomes a chain reaction. One compromised account can quickly lead to many more. In some cases, attackers impersonate trusted contacts. That makes the scam feel real and urgent.

Why encryption is not enough anymore

Encryption still matters. It protects messages as they travel between devices. But here is the problem. If someone logs into your account, they see everything just like you do.

That means even the most secure app cannot protect you if your login gets compromised. This is a shift in how cyberattacks work. The weakest link is no longer the technology. It is human behavior.

The FBI and CISA are warning that attackers are targeting users of encrypted messaging apps by tricking them into handing over account access. (BackyardProduction/Getty Images)

Who is at risk from messaging app phishing attacks

While the advisory highlights high-profile targets, the tactics are not limited to them.

If you use messaging apps for:

  • Personal conversations
  • Work communication
  • Sharing sensitive information

You are a potential target. Phishing works because it relies on simple mistakes. A quick tap on the wrong link is often all it takes. 

What this means for you

This warning highlights a bigger trend. Cyberattacks are becoming more personal. Instead of attacking systems, hackers are targeting people directly. That makes awareness your strongest defense. The more you understand how these scams work, the harder it becomes for attackers to succeed.

Ways to stay safe from messaging app phishing attacks

You do not need to be a cybersecurity expert to protect yourself. You just need to slow things down and follow a few smart habits.

1) Be skeptical of unexpected messages

If a message feels urgent or out of place, pause. Even if it looks like it came from someone you know.

2) Never click suspicious links

Avoid links sent through messages unless you can verify them independently. Strong antivirus software can help detect suspicious behavior after a compromise. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

3) Turn on two-factor authentication

Two-factor authentication (2FA) adds a second layer of protection even if your password gets exposed.

Officials say hackers can read messages, access contacts and impersonate users once they gain control of a messaging app account. (FreshSplash/Getty Images)

4) Watch for login alerts

Many apps notify you when a new device signs in. Do not ignore these warnings.

5) Verify requests in another way

If a contact asks for something unusual, call them or confirm through another channel.

6) Use a data removal service

Limit how much of your personal information is available online. Data removal services work to delete your data from broker sites, making it harder for scammers to target you with convincing phishing messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

7) Keep your device and apps updated

Install updates regularly. Security patches fix vulnerabilities that attackers can exploit after gaining access.

Kurt’s key takeaways

Messaging apps feel private. They feel secure. That sense of comfort is exactly what attackers are counting on. The technology is still strong. The real question is whether your habits are keeping up. So the next time a message pops up that feels slightly off, trust that instinct and take a second look.

Have you ever received a suspicious message that made you stop and question if it was real? Let us know by writing to us at Cyberguy.com.

Copyright 2026 CyberGuy.com. All rights reserved.

YouTube’s mobile app finally lets you share timestamped videos

YouTube is making some changes that might affect how you share videos from the mobile app. From the app, you can finally share videos from a specific timestamp, which will make it easier to point someone to a part of a video you might want them to see while you’re on your phone. However, this change will replace the Clips feature that lets you make a shareable clip from a video.

You’ll still be able to watch any Clips that you’ve already made. But moving forward, “the ability to set an end time or include a custom description when sharing will no longer be available,” YouTube says. The company notes that clipping is an “important way for creators to reach new audiences,” but says that “a number of third-party tools with advanced clipping features and authorized creator programs are now available to do this across different video platforms.”

The company originally introduced the Clips feature in 2021.
