Hi, friends! Welcome to Installer No. 124, your guide to the best and Verge-iest stuff in the world. (If you’re new here, welcome, send me your Coachella fits, and also you can read all the old editions at the Installer homepage.)
Technology
Password manager fined after major data breach
NEWYou can now listen to Fox News articles!
Any data breach affecting 1.6 million people is serious. It draws even more attention when it involves a company trusted to guard passwords. That is exactly what happened to LastPass.
The UK Information Commissioner’s Office has fined LastPass about $1.6 million for security failures tied to its 2022 breach. Regulators say those failures allowed a hacker to access a backup database and put users at risk.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
CHECK IF YOUR PASSWORDS WERE STOLEN IN HUGE LEAK
Why the LastPass breach still matters
LastPass is one of the most widely used password managers in the world. It serves more than 20 million individual users and around 100,000 businesses. That popularity also makes it an attractive target for cybercriminals.
The UK Information Commissioner’s Office fined LastPass for security failures tied to its 2022 breach. (LaylaBird/Getty Images)
In 2022, LastPass confirmed that an unauthorized party accessed parts of its customer information through a third-party cloud storage service. While the incident initially raised alarms, the long-term impact has taken time to fully surface.
The ICO now says the breach affected about 1.6 million UK users alone. That scope played a major role in the size of the fine.
What regulators say went wrong
According to the ICO, LastPass failed to put strong enough technical and security controls in place. Those gaps made it possible for attackers to reach a backup database that should have been better protected.
The regulator added that LastPass promises to help people improve security, but failed to meet that expectation. As a result, users were left exposed even if their passwords were not directly cracked.
Were passwords exposed or decrypted?
There is still no evidence that attackers decrypted customer passwords. That point matters.
Despite the breach, security experts continue to recommend password managers for most people. Storing unique, strong passwords in an encrypted vault is still far safer than reusing weak passwords across accounts.
As one expert noted, modern breaches often succeed after identity access rather than password cracking alone. Once attackers get a foothold, the damage can spread quickly.
Although attackers accessed a backup database, there is no evidence that customer passwords were decrypted. (Kurt “CyberGuy” Knutsson)
Why the LastPass fine is a wake-up call for cybersecurity
The ICO called the LastPass fine a turning point. It reinforces the idea that security is about governance, staff training and supplier risk as much as software.
Users have a right to expect that companies handling sensitive data take every reasonable step to protect it.
Breaches may be inevitable, but weak safeguards are not.
LastPass on the UK data breach
We reached out to LastPass for comment on the UK fine, and a spokesperson provided CyberGuy with the following statement:
“We have been cooperating with the UK ICO since we first reported this incident to them back in 2022. While we are disappointed with the outcome, we are pleased to see that the ICO’s decision has recognized many of the efforts we have already taken to further strengthen our platform and enhance our data security measures. Our focus remains on delivering the best possible service to the 100,000 businesses and millions of individual consumers who continue to rely on LastPass.”
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
How to protect yourself after a password manager breach
Breaches like this are a reminder that security requires layers. No single tool can protect everything on its own.
1) Use a strong password manager correctly
Keep using a reputable password manager. Set a long, unique master password and enable two-factor authentication. Avoid reusing your master password anywhere else.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Rotate sensitive passwords
Change passwords for financial accounts, email accounts and work logins. Focus on services that could cause real damage if compromised.
3) Lock down your email
Your email account is the key to password resets. Use a strong password, two-factor authentication and recovery options you control.
4) Reduce your exposed personal data
Data brokers collect and sell personal information that criminals use for targeting. A data removal service can help reduce what is publicly available about you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
The fine sends a warning to the entire cybersecurity industry. Companies that handle sensitive data must protect it with strong safeguards and oversight. (REUTERS/Andrew Kelly)
5) Watch for phishing attempts and use strong antivirus software
After major breaches, scammers follow. Be cautious of emails claiming urgent account problems or asking for verification details. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Keep devices updated
Install updates for your operating system, browser and security tools. Many attacks rely on known vulnerabilities that updates already fix.
Kurt’s key takeaways
The fine against LastPass is about more than one company. It highlights how much trust we place in tools that manage our digital lives. Password managers remain a smart security choice. Still, this case shows why you should stay alert even when using trusted brands. Strong settings, regular reviews and layered protection matter more than ever. In the end, security works best when companies and we share the responsibility. Tools help, but habits and awareness finish the job.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Do you believe companies are doing enough to protect user data, or should regulators step in more often? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
According to Nikkei Asia, even as suppliers ramp up DRAM production, manufacturers are only expected to meet 60 percent of demand by the end of 2027. SK Group chairman has even said that shortages could last until 2030.
The world’s largest memory makers — Samsung, SK Hynix, and Micron — are all working to add new fabrication capacity, but almost none of it will be online until at least 2027, if not 2028. SK opened a fab in Cheongju in February, but that is the only increase in production among the three for 2026.
Nikkei says that production would need to increase by 12 percent a year in 2026 and 2027 to meet demand. But according to Counterpoint Research, an increase of only 7.5 percent is planned.
The new facilities will primarily focus on producing high-bandwidth memory (HBM), which is used in AI data centers. With the companies already prioritizing HBM over general-purpose DRAM used in computers and phones, it’s not clear how much these new fabs will help alleviate the price crunch facing consumer electronics. Everything from phones and laptops, to VR headsets and gaming handhelds have seen price increases due to the RAM shortage.
NEWYou can now listen to Fox News articles!
Most people assume scammers need to hack something. A database. A password. A bank system. They don’t.
In most cases, everything a scammer needs to target you is already sitting online, publicly available, completely legal to access, and surprisingly easy to find.
Here’s what they’re actually looking at before they ever pick up the phone.
Sign up for my FREE CyberGuy Report
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Data broker listings often include sensitive details like your address, phone number and relatives, making removal a critical first step. (Kurt “CyberGuy” Knutsson)
Your personal profile is already out there, and it’s more complete than you think
There’s an entire industry built around collecting and selling your personal information. It’s called data brokering, and most people have never heard of it.
Right now, without your knowledge or consent, your details are being published by dozens of websites, including:
- People search sites (like Whitepages, Spokeo, and BeenVerified): your full name, current address, phone numbers, and age.
- Address lookup tools: your current and past home addresses, sometimes going back decades.
- Relatives databases: the names and contact information of your family members, automatically linked to your profile.
- Property records: whether you own your home, what it’s worth, and when you bought it.
None of this requires a hack. It’s all pulled from public records, voter registrations, court filings, real estate transactions, marriage and divorce records and assembled into a profile that anyone can search for a few dollars or sometimes for free.
They’re not guessing. They’re researching
In 2024, federal prosecutors indicted a network of scam call centers operating out of Montreal that had defrauded hundreds of elderly Americans out of more than $21 million. What made the scheme so effective wasn’t sophisticated technology. It was a spreadsheet.
The scammers were working from lists of potential victims that included names, ages, and household income information pulled from commercial databases. They used those lists to identify targets, then called them pretending to be grandchildren in trouble. The calls were convincing enough that victims handed over thousands of dollars, sometimes in cash picked up at the door.
They didn’t hack anyone. They just did their research first.
WHY WIDOWS AND DIVORCED WOMEN ARE TARGETS FOR RETIREMENT SCAMS
A call that sounds personal or urgent often relies on real information found about you online. (Kurt “CyberGuy” Knutsson)
Three ways scammers turn your public data into a weapon
Scammers use your publicly available data to make their attacks more personal, believable and harder to detect. Here are three ways they do it.
1) Impersonating your bank
A scammer calls and says, “Hi, this is fraud prevention at [your bank]. We’re seeing suspicious activity on your account ending in 4721.”
They already know your bank, your name, and possibly your address. That’s enough to sound legitimate. From there, they walk you through “confirming your identity,” which is really just you handing over the information they need to access your account.
This kind of scam starts with a simple people-search lookup. Your name and address lead to property records. Property records suggest your income range.
2) The family emergency call
Imagine getting a call: “Meemaw, it’s me. I’m in trouble. Please don’t tell Mom.” Scammers don’t guess. Instead, they research your family first. They use relatives’ databases to find your children’s names, ages and connections.
With that information, they build a story that sounds real. For example, they know to call you “Meemaw.” They also know which grandchild to impersonate. In some cases, they even mention a sibling’s name to make the story more convincing.
As a result, the call feels personal and urgent. However, none of it is random. It’s all based on information that was publicly available the entire time.
3) Targeted phishing with your own details
A phishing email that says “Dear Customer” is easy to ignore. One that says “Dear [your full name], we noticed unusual activity on your account registered to [your home address]” is a lot harder to dismiss.
Scammers use publicly available data to personalize attacks, adding your real name, city, or even a reference to your neighborhood to make a fake email or text look authentic. The more specific the details, the more likely you are to believe it.
“But I’m not on social media.” This is the most common objection, and it misses the point entirely.
You don’t have to be on social media for your information to be online. Data brokers pull from public records, not your Facebook profile. Your information is likely already listed on dozens of sites because of:
The less they think they’ve shared, the more surprised people usually are when they search for themselves on a people-search site for the first time.
DATA BROKERS ACCUSED OF HIDING OPT-OUT PAGES FROM GOOGLE
The more details a scam includes, the more likely it is built from your publicly available data. (Kurt “CyberGuy” Knutsson)
How to reduce your exposure
You don’t have to accept this as permanent. A few practical steps can help:
- Search your full name on Whitepages, Spokeo, FastPeopleSearch, and other people-search sites and submit opt-out requests.
- Look up your address directly, not just your name, since many listings are organized by location.
- Ask elderly family members to search for themselves, too, since older adults are disproportionately targeted.
- Be skeptical of any call that opens with personal details, as it can be a sign that someone researched you first.
How to remove your personal data and stop scammers from finding you
The challenge is that there are hundreds of data broker sites, each with its own removal process. Manually opting out of all of them can take hours, and your information often reappears weeks later when brokers refresh their databases.
That’s why ongoing automated removal is the only approach that actually works. That’s why I recommend using a trusted data removal service.
These services automatically contact data brokers on your behalf and request the removal of your personal information. They also continue monitoring those sites and submit new removal requests if your data reappears.
Many services remove personal data from hundreds of data broker and people-search websites, and some plans allow you to request removals from additional sites as needed.
Some have also received third-party assurance from independent firms, helping validate their claims.
The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
These services often include a money-back guarantee, so you can try them risk-free and see how much of your information is exposed online.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
Kurt’s key takeaways
Most scams don’t start with a breach. They start with a search. Your name, address, relatives and even income clues are already out there, quietly fueling more convincing and more dangerous attacks. That’s what makes this so unsettling. You can do everything “right” online and still be exposed because the system itself is built to share your information. The good news is you’re not powerless. Once you understand how scammers build their playbook, you can start disrupting it. Removing your data, limiting exposure and staying skeptical of anyone who knows a little too much about you can dramatically reduce your risk. The goal isn’t to disappear completely. It’s to make yourself a much harder target.
What should be done to stop scammers from using your publicly available data against you in the first place? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
This week, I’ve been reading about restaurant bread and GLP-1s and Lenny Rachitsky and Artemis II fashion, watching the new boy band doc because I will always watch a boy band doc, also watching every clip I can find from Justin Bieber’s Coachella set, filling the Schitt’s Creek-shaped hole in my heart with Big Mistakes, getting increasingly excited about The Mandalorian and Grogu, and watering my new lawn so it doesn’t die. Please don’t die, lawn. You were so expensive.
I also have for you a couple of new AI apps to install on your computer, new action cameras worth planning a trip around, a new sci-fi action game to play, and much more.
Oh, and a reminder: Send me the thing you made! We’re doing self-promotion week in Installer (probably next week but maybe the week after), and either way I want to hear about the things you’ve been making, building, coding, creating, whatever-ing that you think the Installerverse might like. I’ve already heard from SO MANY of you, and it rules — keep the good stuff coming! Let’s dig in.
(As always, the best part of Installer is your ideas and tips. What are you watching / reading / playing / listening to / storing on your NAS this week? Tell me everything: installer@theverge.com. And if you know someone else who might enjoy Installer, forward it to them and tell them to subscribe here.)
- OpenAI Codex. Here’s OpenAI’s latest stab at an all-in-one AI superapp, which includes a web browser, new coding tools, and a setting that allows Codex to just use your computer for you. Tread lightly, as always, but people seem to be liking Codex a lot recently.
- Gemini for Mac. I’m mad at Google for tying its Mac app to a keyboard shortcut lots of people use for other things, and for making the app a login item by default. But! This is immediately the best way yet to interact with Gemini, and even Google Drive and Photos, from your computer. Into my dock it goes.
- Beef season two. Beef is one of the very best shows nobody ever seems to talk about. I’ve been burned before by the “we’ll just do it again but with a whole new cast” premise — looking at you, True Detective — but this is a win even just as a reason to rewatch the first season.
- Gradient Weather. Y’all, I think somebody finally made the gorgeous, simple weather app Android has been desperately needing. It’s very new and very beta, but I love the look, and I love that the whole aesthetic shifts with the weather. Insta-install.
- Lorne. By all accounts this is about as close as anyone has ever gotten to a truly inside look at Saturday Night Live and its semi-mythological creator, Lorne Michaels. Morgan Neville mostly makes great docs and got a ton of access for this one; I’m very excited to watch it.
- “Where Are All Of These GPUs Actually Going?” A very fun answer to a surprisingly complex question: What are companies doing with the unbelievable quantities of chips they’re buying? The numbers are all kind of pretend, and How Money Works does a good job making them make sense.
- The DJI Osmo Pocket 4. It’s very sad that this gimbal camera isn’t coming to the US in the near future, because more buttons, better slo-mo, and more built-in storage are all terrific upgrades. I use a Pocket 3 all the time, and will be keeping an eye out for the upgrade.
- The GoPro Mission 1 Pro ILS. This one’s still in “coming soon” mode, but it is the first GoPro in a long time I’ve been excited about. Adding an interchangeable lens mount, along with all the other Mission 1 upgrades, is going to completely change the kinds of things people do with GoPros. I can’t wait to see this thing out in the wild.
- Coachella TV. I’ve never spent much time with YouTube’s Coachella livestream, but this year’s show has been terrific. It almost feels like a concert doc being shot in real time — and there’s more Bieber to come!
- Pragmata. I am always here for a game that’s not trying to be a live-service, battle-royale, open-world anything, and instead just sends you on an adventure. It may suffer from being a touch too derivative, but it still appears to be very much my kind of game.
I’ve been a fan of Maria Popova’s work for… about as long as I can remember. Maria runs a site called The Marginalian, which I started following back when it was called Brain Pickings; under both names the site has been a fountain of stuff to read, with surprising and smart ideas about just about everything. I spend a lot of time reading, and on the internet, and I can’t think of anyone who shows me more stuff I never would have found otherwise.
Maria put out a book earlier this year, called Traversal, that is all about how people look at, think about, and reckon with the world around them. There is a lot going on in this book, and I suspect you’ll like it. I asked Maria to share her homescreen with us, curious if she also had a more enlightened take on all things technology.
Here’s Maria’s homescreen, plus some info on the apps she uses and why:
The phone: iPhone 16 – still too large for me, but I had to grudgingly resign to it after my last 13 mini gave up Moore’s ghost.
The wallpaper: Spring moonrise behind leafing maple in the forest where I live much of the year.
The apps: Evernote, Phone, Safari. (Blank Spaces is the app that turns the icons to text.)
The usual life-management tools (calendar, connection, climate) plus Evernote, which I have been using since 2003 and which is by now an Alexandria of meticulously organized information that just about runs my life.
I also asked Maria to share a few things she’s into right now. Here’s what she sent back:
- Robert Macfarlane and Jackie Morris’s Book of Birds: A Field Guide to Wonder and Loss.
- Joan As Police Woman’s record Lemons, Limes and Orchids.
- Jad Abumrad’s miniseries Fela Kuti: Fear No Man.
- The lovely reminder of who we can be in the story of how humanity saved the ginkgo.
Here’s what the Installer community is into this week. I want to know what you’re into right now as well! Email installer@theverge.com or message me on Signal — @davidpierce.11 — with your recommendations for anything and everything, and we’ll feature some of our favorites here every week. For even more great recommendations, check out the replies to this post on Threads and this post on Bluesky.
“Becca Farsace recommended the OhSnap Mcon on her channel recently and I picked one up. It’s super slick and works great with the Delta emulator so far. I got Goldeneye running just fine with it after a little tuning.” — Ian
“Really been enjoying Plain Text Sports to follow the start of baseball season. Loads fast, has everything I want with none of the ESPN cruft” — Rich
“I’ve almost finished reading Service Model by Adrian Tchaikovsky and I’m obsessed: equal amounts of humor and existential dread. It’s very silly, very thoughtful, and frankly a very Verge-y take on technology.” — Olof
“YouTube has been my recent go-to for surprisingly good short films that you would probably never hear about or would probably get lost in the Hollywood machine. For instance, this one called Aborted was amazing and there are more like it out there.” — Steve
“Definitely watch Jon Bois’ hilarious, quirky, and informative series about the birth of the internet mashed up with Home Improvement TV show references.” — Logan
“I bought a MacBook Air a few weeks ago after looking at the Neo and getting fed up by Windows, and I bought a few helper apps to fix small annoyances I had with the notch and
Spotlight. There are a lot of good notch applications but I bought Alcove — having the notch show me when I raise and lower volume makes the giant black bar in the middle of my screen feel slightly less useless somehow. I’ve also been using TinyStart, which is really
fast and nice! These two helper apps have made using the Mac as my main computer feel much nicer than it did the last time I tried.” — Iris
”My passion for discovering TTRPGs and learning about game design has led me into a deep dive on the Youtube channel Knights of Last Call. Long live-streams and VODs and a super active community have opened my eyes to even more of what is possible in TTRPGs.” — Simeon
“Season 3 of Shrinking on Apple TV just ended on such a powerful note. The ensemble cast just keeps bringing it and the writing realistically takes on all kinds of human problems we all deal with or know about. A+” — Aaron
“I find SO MANY great book recommendations thanks to The Big Idea feature on John Scalzi’s blog, Whatever!” — Steve
You surely already know this, but I spend way too much time on snacks. Eating them. Researching them. Thinking about them. Longing for more of them. And I know I’m not alone! So I have big news: My wife recently brought home a variety pack of candy from YumEarth, and it’s all excellent. It’s basically Skittles, Starbursts, and Sour Patch Kids, but with more natural ingredients and a lot less sugar. (But still a lot of sugar, because it’s candy. Sugar-free candy is a lie.)
I am constantly on the lookout for a way to make my bad habits a little better, without making my life worse in the process. This is a perfect one. The Skittles equivalent are called “Giggles,” which is awful, but they’re delicious. So I’ll allow it. I’m gonna go get some right now.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
-
Florida3 minutes agoSNAP benefits will be changing in Florida starting Monday
-
Georgia9 minutes agoGeorgia on nobody’s mind: The Dawgs are under the radar, and that’s a compliment
-
Hawaii15 minutes agoLarge section of Aloha Stadium demolished as project proceeds – West Hawaii Today
-
Idaho21 minutes ago
Idaho Lottery results: See winning numbers for Powerball, Pick 3 on April 18, 2026
-
Illinois27 minutes ago5 tornadoes confirmed in Illinois from Friday’s storms
-
Indiana33 minutes agoAn Indiana district turned to voters to fund more preschool seats. Here’s what happened next.
-
Iowa39 minutes agoVote: Who Should be Iowa’s High School Athlete of the Week? (4/19/2026)
-
Kansas45 minutes agoKansas Losing Momentum With Key Transfer Target After New Visits