Posts with «author_name|mariella moon» label

LastPass was hacked, but it says no user data was compromised

In August, LastPass had admitted that an "unauthorized party" gained entry into its system. Any news about a password manager getting hacked can be alarming, but the company is now reassuring its users that their logins and other information weren't compromised in the event.

In his latest update about the incident, LastPass CEO Karim Toubba said that the company's investigation with cybersecurity firm Mandiant has revealed that the bad actor had internal access to its systems for four days. They were able to steal some of the password manager's source code and technical information, but their access was limited to the service's development environment that isn't connected to customers' data and encrypted vaults. Further, Toubba pointed out that LastPass has no access to users' master passwords, which are needed to decrypt their vaults.

The CEO said there's no evidence that this incident "involved any access to customer data or encrypted password vaults." They also found no evidence of unauthorized access beyond those four days, nor any trace that the hacker injected malicious code into the systems. Toubba explained that the bad actor was able to infiltrate the service's systems by compromising a developer's endpoint. The hacker then impersonated the developer "once the developer had successfully authenticated using multi-factor authentication."

Back in 2015, LastPass suffered a security breach that compromised users' email addresses, authentication hashes, password reminders and other information. A similar breach would be more devastating today, now that the service supposedly has over 33 million registered customers. While LastPass isn't asking users to do anything to keep their data safe this time, it's always good practice not to reuse passwords and to switch on multi-factor authentication.

Google's Pixel Buds Pro fall back to an all-time low at Amazon

If you missed the chance to grab Google's Pixel Buds Pro when they went on sale in August, don't worry: The tech giant is giving you another shot at buying the wireless earbuds at a discount. Google's Pixel Buds Pro (in Charcoal and Lemongrass) are currently on sale for $175, or $25 less than their retail price. That's the same price they were listed for the first time they went on sale, and that's also a record low for the model on the website. Seeing as the earbuds only came out a couple of months ago — and they're the first in the line with active noise cancellation (ANC) — that's already a great deal if you've been thinking of getting them in the first place.


We gave the Pixel Buds Pro a score of 87 in our review, where we praised them for having reliable touch controls and solid ANC. They use a six-core audio chip powered by Google's algorithms for active noise cancellation, and they also have a feature called "Silent Seal" to ensure that they can keep as much ambient noise out as possible. This Silent Seal tool uses sensors to adapt the buds to your ear shape when ANC is on, thereby minimizing sound leaks, as well.

We also praised the earbuds for delivering a pleasantly punchy bass. And if Volume EQ, which adapts tuning when you adjust loudness, is on, the bass stays punchy even at low volumes. Another thing we liked about the Pixel Buds Pro is that they support wireless charging, unlike their predecessors, and they have a quick-charge feature that gives you an hour of ANC listening after just five minutes.

Bottom line, we found the Pixel Buds Pro to be Google's best earbuds to date. They're also the tech giant's most expensive model to date, so you probably wouldn't want to miss this chance to grab them at a lower price. 


US border forces are seizing Americans' phone data and storing it for 15 years

If a traveler's phone, tablet or computer ever gets searched at an airport, American border authorities could add data from their device to a massive database that can be accessed by thousands of government officials. US Customs and Border Protection (CBP) leaders have admitted to lawmakers in a briefing that its officials are adding information to a database from as many as 10,000 devices every year, The Washington Post reports. 

Further, 2,700 CBP officers can access the database without a warrant and without having to record the purpose of their search. These details were revealed in a letter Senator Ron Wyden wrote to CBP Commissioner Chris Magnus, where the lawmaker also said that CBP keeps any information it takes from people's devices for 15 years. 

In the letter, Wyden urged the commissioner to update CBP's practices so that device searches at borders are focused on suspected criminals and security threats instead of allowing "indiscriminate rifling through Americans' private records without suspicion of a crime." Wyden said CBP takes sensitive information from people's devices, including text messages, call logs, contact lists and even photos and other private information in some cases. 

While law enforcement agencies are typically required to secure a warrant if they want to access the contents of a phone or any other electronic device, border authorities are exempted from having to do the same. Wyden also pointed out that travelers searched at airports, seaports and border crossings aren't informed of their rights before their devices are searched. And if they refuse to unlock their electronics, authorities could confiscate and keep them for five days.

As The Post notes, a CBP official previously went on record to say that the agency's directive gives its officers the authority to scroll through any traveler's device in a "basic search." If they find any "reasonable suspicion" that a traveler is breaking the law or doing something that poses a threat to national security, they can run a more advanced search. That's when they can plug in the traveler's phone, tablet or PC to a device that copies their information, which is then stored in the Automated Targeting System database.

CBP director of office of field operations Aaron Bowker told the publication that the agency only copies people's data when "absolutely necessary." Bowker didn't deny that the agency's officers can access the database, though — he even said that the number was bigger than what CBP officials told Wyden. Five percent of CBP's 60,000 personnel have access to the database, he said, which translates to 3,000 officers and not 2,700.

Wyden wrote in his letter:

"Innocent Americans should not be tricked into unlocking their phones and laptops. CBP should not dump data obtained through thousands of warrantless phone searches into a central database, retain the data for fifteen years, and allow thousands of DHS employees to search through Americans’ personal data whenever they want."

Two years ago, the Senator also called for an investigation into the CBP's use of commercially available location data to track people's phones without a warrant. CBP had admitted back then that it spent $500,000 to access a commercial database containing "location data mined from applications on millions of Americans’ mobile phones."

Uber says it's investigating a 'cybersecurity incident'

Uber was hacked, and it had to take its internal messaging service and engineering systems offline to investigate the incident, according to The New York Times. Sources who talked to the publication said employees were instructed not to go on Slack, where the bad actor had posted a message that read "I announce I am a hacker and Uber has suffered a data breach" (along with a bunch of emoji) before it was pulled offline. In a tweet confirming the breach, the company said that it's currently responding to a cybersecurity incident and that it's now in touch with law enforcement. 

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

The company didn't say what exactly the hacker was able to access and if user data was compromised. The Times says the hacker's Slack message also listed databases they claim they were able to infiltrate, though. And based on screenshots seen by The Washington Post, the bad actor boasted about being able to gather internal code and messaging data. An Uber spokesperson explained that the bad actor was able to post on the company Slack after compromising a worker's account. They then gained access to Uber's other internal systems and posted an explicit photo on an internal page.

Bug bounty hunter and security researcher Sam Curry tweeted information reportedly from an Uber employee that could be about that explicit photo:

From an Uber employee:

Feel free to share but please don’t credit me: at Uber, we got an “URGENT” email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers.”

— Sam Curry (@samwcyo) September 16, 2022

Uber admitting the incident and getting in touch with authorities shortly after it happened is a massive departure from how it handled the data breach it suffered back in 2016. The company hid that attack for a year and instead of reporting the incident, it paid the hackers $100,000 to delete the information they stole. Former Uber security chief Joseph Sullivan was fired and eventually charged with obstruction of justice for the role he played in the coverup, though his lawyers argued that he was used as a scapegoat. Uber settled with the Justice Department for failing to disclose the breach in July this year.

Snapchat for Web is now available for everyone

Snapchat's messaging and video chat features first made their way to browsers back in July, but only in select markets and for Snapchat+ subscribers. Now, Snapchat for Web is finally available for all the messaging app's users worldwide. It could be the better choice for users who have a lot of typing to do and messages to send, since they'll be looking at a bigger screen and have access to a real keyboard. 

The web interface is pretty basic, but it can also be used to send photos and to make audio and video calls. A company spokesperson previously told us that video calling has become more popular among its users recently. Giving users access to the feature on the web could lead to longer video calls. The spokesperson also told us that Snap could bring more of its core features to the web interface if there's enough demand for them. 

In addition, Snap has launched lock screen widgets for the iPhone now that iOS 16 has come out. The widgets allow users to create shortcuts for the conversations they want — perhaps for people they frequently talk to — so they can fire up chats from their screen in one tap. 

Speaking of shortcuts, the Snapchat app will feature new shortcuts at the top of its chat page. They'll make it easy for users to get to unread Snaps, chats from friends and replies to stories. They will also show reminders for birthdays or for conversations that users haven't replied to yet. Finally, Snap has introduced Question Stickers that users can post to their stories and Snaps. The company said these features will roll out to users soon if they haven't yet.

Walmart will let you use your own photos for a virtual clothing fit check

When Walmart launched its virtual fitting room back in March, it gave you 50 models with various body types and heights to choose from. It was up to you to find the model you resemble the most, so you can see what a garment would look like on you. Now, the retailer is leveling up the experience by letting you virtually try clothes on your own photos.

In the company's announcement, Apparel and Private Brands EVP Denise Incandela said its virtual fitting room can show how clothes fit in a realistic way. It doesn't simply overlay images on your photos — when you choose an item to fit, you'll see the parts where shadows would fall and you'll see how the fabric would drape on your body. Theoretically, that means different sizes of the same item would look different on your photo in the same way they'd fall differently on your body if you were trying them in real life. That's made possible with the use of algorithms and machine learning models originally used to develop accurate topographic images.

The new virtual try-on experience is available for 270,000 items across brands on Walmart's website, including Levi's and Hanes, and will continue to grow. You can't use previous photos with the feature, though: The first time you choose "yourself" as a model when you tap the "Try It On" button, you'll be prompted to take a photo of yourself wearing something form-fitting and to input your height. 

The upgraded experience is now available on Walmart's iOS app, and iOS users will be able to use the photos they take on mobile when they fire up the experience on desktop or the web "shortly." The feature will roll out to Android users in the coming weeks, as well.

Samsung vows to produce net zero carbon emissions by 2050

Samsung has made a commitment to achieve net zero carbon emissions for the whole company by 2050 and will spend KRW 7 trillion (US$5 billion) over the next seven-and-a-half years to make that happen. While its plans are likely not as aggressive as Microsoft's, which previously promised to be carbon negative by the end of the decade, it intends to implement changes soon so that its Device eXperience (DX) Division is producing net zero carbon by 2030. 

Samsung's DX division encompasses its consumer electronics businesses, including its mobile and display manufacturing operations, and was only responsible for 10 percent of its greenhouse gas emissions in 2021. Meanwhile, the company's chip and components business, which is often its biggest moneymaker, was responsible for 90 percent of the 17.4 million tons of greenhouse gases it emitted last year.

Clearly, there's a lot of work to be done for its chipmaking business to be net zero. One of the things the company plans to do is develop technologies that can significantly reduce the gas byproducts of semiconductor manufacturing. Samsung also plans to install treatment facilities at its chip-making plants. In addition, the company will develop carbon capture and utilization technologies that can harness carbon emissions from its semiconductor facilities, store them and then turn them into a usable source. 

The tech giant has joined RE100, the global initiative for businesses that want to use renewable energy to power their operation, as well. It will start by running the DX division and all operations outside its home country on renewable energy within the next five years before matching 100 percent of all its power needs around the world with renewable energy by 2050. Samsung has also detailed other environmental plans in its announcement, including its commitment to promote water reuse and to expand its electronic waste collection initiative to 180 countries from 50. 

A spokesperson for one of its shareholders told Reuters that Samsung had delayed making a clear commitment towards reducing carbon emissions so much, it became a growing concern among long-term investors. Kim Soo-jin, Samsung's head of ESG strategy group, explained: "We are a company that manufactures directly... so there are various, layered challenges. In the end, we are a technology company... So we will contribute positively to climate change through technology development. Since we are a large company and our products are widely used, we will make an impact through scale."

Period tracker app Flo launches 'Anonymous Mode' for iOS devices

Flo's anonymous mode has arrived. The period tracker promised to launch the new mode shortly after the Supreme Court overturned Roe v. Wade in a bid to assuage privacy-related fears. Activists and privacy advocates cast a spotlight on period tracking apps on the heels of the Supreme Court's decision, warning users that the data they collect could be used for investigations into people seeking abortion services. They urged users to delete those apps, especially if they live in states where abortion is now outlawed.

The new anonymous mode allows people to use Flo without having to type in a name, an email address or any other kind of identifier. Flo teamed up with Cloudflare, the same company that Apple worked with for the iCloud Private Relay, to ensure that it can give users "as much privacy as possible." The company clarified it doesn't sell identifiable health data but that it wanted to make the mode available "to reassure users who are living in states affected by an abortion ban." 

An anonymous mode is certainly welcome, especially for those who remember Flo's spotty history when it comes to privacy. Back in 2019, The Wall Street Journal reported it was sharing sensitive user data, including information on whether someone was trying to get pregnant, with Facebook, Google and other third-party apps.

Since any information fed to the app while anonymous won't be linked to an identifier, it will be gone completely if the device gets lost. It also can't be transferred to a new device and only essential data, such as cycles and symptoms, can get copied into a new account. Users can designate an access code for an extra layer of protection, as well, though they'll totally lose access to their information if they forget it. In other words, it can be pretty easy to lose access to data while in anonymous mode, which is why users have to actively choose to switch it on. 

The period tracker's anonymous mode is now available for iOS users and will make its way to Android devices in October.


Google fails to overturn EU Android antitrust ruling but reduces its fine by 5 percent

Google has failed to convince Europe's General Court to overturn the Commission's ruling on its Android antitrust case and its decision to slap the company with a €4.3/US$4.3 billion fine. The General Court upheld the Commission's original ruling back in 2018 that Google used its dominant position in the market to impose restrictions on manufacturers that make Android phones and tablets. It did, however, reduce the fine a bit, deciding that €4.125 billion (US$4.121 billion) is the more appropriate amount based on its findings.

The Commission previously found that Google acted illegally by making it mandatory for Android manufacturers to pre-install its apps and its search engine. By doing so, the Commission said that the company was able to "cement its dominant position in general internet search." That is a huge deal according to FairSearch, the group of organizations lobbying against Google's search dominance and the original complainant in the case, because Google's search engine is monetized with paid advertising. The tech giant makes most of its money from online advertising — based on information from Statista, Google's ad revenue in 2021 amounted to $209.49 billion.


Google's Jedi Blue ad deal with Meta wasn't unlawful, judge rules

A New York federal judge has ruled that the multi-state antitrust lawsuit against Google spearheaded by the Attorney General of Texas can move forward. That said, Judge P. Kevin Castel has also dismissed the plaintiffs' claim that Google's online ad deal with Meta, codenamed Jedi Blue, was an unlawful restraint of trade. The judge said that "there is nothing inexplicable or suspicious" about the two companies entering the agreement.

If you'll recall, the states that filed the lawsuit accused Google of entering a deal with Meta that gave the latter certain advantages on the ad exchange the tech giant runs. As Bloomberg notes, Meta allegedly had to abandon its plans to adopt a new technology that would've hurt Google's monopoly and to back the tech giant's Open Bidding approach when it comes to selling ads in exchange.

Texas Attorney General Ken Paxton announced that he was filing a "multi-state lawsuit against Google for anti-competitive conduct, exclusionary practices and deceptive misrepresentations" back in 2020. The lawsuit focused on Google's advertising tech practices and how, Paxton said, the company uses its "monopolistic power to control pricing" of ads and "engage in market collusions."

Google sought to dismiss the lawsuit earlier this year. While it failed to convince Judge Castel to fully toss the lawsuit out, the company still posted a celebratory note about the decision. "Importantly, the Court dismissed the allegations about our Open Bidding agreement with Meta — the centerpiece of AG Paxton’s case," the company wrote in a blog post. The tech giant added that the agreement had never been a secret and that it was pro-competitive. It also called Paxton's case "deeply flawed."

Although the judge for this case dismissed the claim that Jedi Blue was unlawful, the deal and Google's ad tech practices as a whole are still under scrutiny by authorities. The European Commission and UK's Competition and Markets Authority launched an antitrust investigation into the companies' agreement back in March. And just last month, Bloomberg had reported that the US Department of Justice was preparing to sue Google over its dominance in the ad market sometime this September.