LastPass Source Code Breach

Password manager software maker LastPass suffered a data breach last week, which understandably made their customers very nervous – and caused some people to question the decision to put all their passwords in one digital basket. In today’s show, I’ll explain why this particular breach was not a threat to anyone’s passwords and why you should still use a high quality password manager.

In other news: Former security chief blows the whistle on Twitter; major VPN providers are pulling out of India over surveillance law issues; a set of popular Chrome extensions caught committing click fraud; Google’s new Chrome extension restrictions threaten to hobble ad blockers; a father’s Google accounts are deleted over false AI-flagged CSAM; US Federal Trade Commission sues a data broker over lax protection of location data; EFF finds another data broker selling location data to law enforcement; Google launches bug bounty program for open source software projects; DuckDuckGo’s email privacy protection feature now available to all; Ohio judge rules that scanning students’ rooms before tests is illegal; a flight to Cabo is nearly grounded thanks to a passenger sending dick pics to other passengers, including one of the pilots.

Article Links

  1. [The Washington Post] Former security chief claims Twitter buried ‘egregious deficiencies’
  2. [] Major VPN services shut down in India over anti-privacy law; Apple hasn’t yet commented
  3. [BleepingComputer] Chrome extensions with 1.4 million installs steal browsing data
  4. [BleepingComputer] AdGuard’s new ad blocker struggles with Google’s Manifest v3 rules
  5. [The New York Times] A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.
  6. [Reuters] U.S. FTC sues data broker Kochava for alleged sale of sensitive data
  7. [Electronic Frontier Foundation] Data Broker Helps Police See Everywhere You’ve Been with the Click of a Mouse: EFF Investigation
  8. [Naked Security] LastPass source code breach – do we still recommend password managers?
  9. [Decipher] Google Launches Bug Bounty Program For Open Source Projects
  10. [Spread Privacy] Protect Your Inbox: DuckDuckGo Email Protection Beta Now Open to All!
  11. [The Verge] University can’t scan students’ rooms during remote tests, judge rules
  12. [VICE] Creeps Airdropping Dick Pics Just Made Flying Even Worse
  13. Tip of the Week: How to Prevent Cyberflashing 

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:01:32: Update Google Chrome and older iPhones
  • 0:05:48: Twitter whistleblower
  • 0:10:29: Major VPN services shutting down in India
  • 0:14:00: Popular Chrome extensions committing link fraud
  • 0:16:51: Google Chrome changes will limit ad blockers
  • 0:23:38: Father loses Google accounts of false CSAM flagging by AI
  • 0:27:22: FTC sues data broker
  • 0:30:17: EFF research uncovers more police purchases of location data
  • 0:34:55: LastPass source code breach
  • 0:46:43: Google launches bug bounty for open source software
  • 0:49:51: DuckDuckGo email privacy feature now open to all
  • 0:55:55: Court blocks scanning of students’ rooms during remote tests
  • 1:00:43: Cyberflashing nearly grounds flight
  • 1:05:35: Notes on upcoming interviews and shows