Oh my gosh! It has happened! I've been waiting years for this moment! Thank you so much for the heads up Shadow!

Maybe a few of the people who bought those whatever-they-ares intend to leave them to their children. Maybe in fifty years Antiques Road Show will appraise them for twice what they cost. Allowing for inflation, at least they might break even.

I use BitWarden for my corporate accounts and LastPass for personal. Will probably switch out of LP soon.
My prior references to SIM hijack was an attacker taking control of your phone number through the port process, not emulation.
2FA can also be hacked with malware on your phone that surreptitiously forwards SMS.
RoboForm used to be an excellent offline password manager, no idea if the company is still around.
I've also used the open source VeraPass which was really good but no idea if still around.
The most secure means of password mgmt is portable USB or fob based (RoboForm had a specific To Go product for that) but it is not convenient in the world of smartphones. If one is a heavy PC user, nothing can beat the security of encrypted passwords on a USB disk.
I did that for many years, very secure. Pop the portable USB fob into machine, RoboF pops up, I go through 2 different passwords-- first decrypt the disk and then the password to RF itself. Super secure but less convenient than LastPass.

To me, the cost of living adjustment indexed to inflation or COLA described in the article makes the most sense. If the Times is worried that inflation won't last and they'll be promising too much, COLA would hedge their bets but also ensure that employees' wages keep up with prices everywhere else instead of being a wage reduction after inflation. From the article:

Whatever pay increase the Times eventually agrees to, the NewsGuild is calling for a cost-of-living adjustment (COLA) that would equal inflation, that would hold Guild members harmless against any increase in inflation. The Times has rejected that COLA proposal even though enlightened employers often agree to cost-of-living adjustments. Not only do such provisions protect employees from having their pay eroded by higher-than-expected inflation, but if inflation remains low, COLA provisions would help the employer’s bottom line by holding down any promised raises. I hope that Times management will see the light on this—and take the enlightened approach.
It’s not as if the Times can’t afford to give newsroom employees a 22.7 percent raise over four years. That’s around ten percentage points above what the Times is offering, and with each percentage point translating into $1.5 million a year in raises, that would cost the Times $15 million annually. That represents just 10 percent of the $150 million stock buyback and a small fraction of the Times’ current $465 million in cash on hand.

In the current negotiations, the NewsGuild is demanding a wage increase averaging 5.25 percent a year over four years.... According to the union, the Times’ latest wage offer comes to 2.875 per year...

Meanwhile, the Times raised paper subscription rates 10% at the start of 2022, and will raise them another 12% at the start of 2023. That's more, cumulative, in just two years than the workers are asking for spread over a period of four years.
I had been thinking about cutting back the number of days I get the paper in hardcopy. But after reading about how the Times values its employees, I'm thinking of skipping pay subscriptions altogether and taking the free digital subscription offered through my school.
I appreciate the service that the Times provides, but it shouldn't be on the backs of its employees or its customers alone.

@david
Boy you love to bluster and also change the goalposts I see. Inspired by the current soccer World Cup?
So we went from "show me how a brokerage account can be wiped, post some links" to "without operator error, how can an account be wiped" and "CNBC does not have competent editors" because strangely enough this became an exercise not about commenting on the substance of the issue but about CNBC citing 3 sources when they pinkie promised 4 at the top of the article.
I take it then you're an InfoSec guru + writing wizard. Any other skills you'd like to dazzle us with? Why do you spend time on this forum with us uneducated folks when you could be monetizing your genius and be consulting with CNBC, Cloudflare and the like. InfoSec is hot David, you are severely underutilizing your skills. Google, Mandiant and Microsoft will pay you top $$ I assure you.
On the topic of how your PC can be hacked without operator error, I suppose Microsoft and Google are both being run by rubes because they keep issuing OS and Chrome browser patches all the time coz -- hey they got nothing better to do. They also offer big bucks for zero-day exploits because hey tech companies have a lot of moolah to burn. Meanwhile users who haven't updated Chrome or Windows for more than 6 months wonder how in the hell trojans and worms got onto their machine.
While Lapsus$ can directly breach Microsoft, they don't stand a chance of breaching David's system. If I didn't know any better I would have thought Pegasus is just a mythical stallion and not also the name of a product that can hack into a phone without any action needed from the owner of the phone. Egads, can't happen. All humbug. The entire Khashoggi story is all urban legend. Also humbug is all of the stuff that Edward Snowden described in great detail in his book as to what the NSA was capable of more than 10 years back. Because technology and hacking sophistication move backward, not forward. With the passage of time and exponentially more powerful CPU's (that can brute force password cracks) hacking actually gets more difficult.
Hackers also reduce in number and age out even as world population grows and rewards for hacking (including new pathways for hacking such as crypto) grow ever larger.
Meanwhile we all scratch our heads and wonder why when Windows, Chrome, Android etc.. are becoming impenetrable why companies and talent in cybersecurity are fetching top $$. All of the breaches mentioned at --> https://www.upguard.com/blog/biggest-data-breaches-us all baloney, all operator error. Had Mr. Moran been the CISO at all these places, none of this would have occurred.
But all of this to no avail to our (super)man Moran. If there ain't a written manual, it ain't true.
Peace

@stayCalm- Definitely not wanting to engage in any hostilities, but I'm wondering about your comment regarding being a "pretty heavy user of PersCap". Is PersCap some sort of aggregation setup? And if it is, do you think that the hacking risk is acceptable?
I just eliminated all of my aggregation accounts at Schwab, and I guess that the next step would be to change the passwords on those accounts because it's likely that some residual information will still be at Schwab's aggregator.
This has all turned out to be a very interesting question, and I'm really surprised that in all of the many years at MFO apparently we haven't discussed this before.
Thanks- OJ

I have own this fund Long term... off nearly 20% YTD... 10% of my portfolio.
So here the deal. Buy into this fund a little at a time and monitor its performance. It has under performed for the last 5 years so pay close attention. If its performance reverts to it's 10 and 15 year performance you will be in a good position long term.
On a one year basis, I would suggest PRNHX in a better fund to take advantage of the '22 swoon.
My question for buyers, when have we bottomed?
The financial markets still seem attached at the hip with the Fed so until they stop raising rates we will just attempt at guessing how far prices will revert.

The Primecap funds have certainly endured a few years of bad luck -- POAGX in particular was perfectly positioned to crater when covid struck as it had outsized stakes in things like airlines and cruise lines. Yet the fund is idiosyncratic, that's for sure. All three of the funds have seen significant redemptions, resulting in large capital gains distributions for several years (worsening tax-adjusted performance). Anyone considering a new investment should take a look at the portfolio and be comfortable with the huge chunk of biotech and pharmaceuticals in there. It's almost a healthcare fund.

You bring up some very good points.
Primecap is a benchmark-agnostic firm and tends to favor certain industries.
The following data was gleaned from M* reports published July 2022.
POAGX: ~20% in biotech/pharma, ~13% in semis
VPMAX: ~20% in biotech/pharma, ~13% in semis
VPCCX: ~18% in biotech/pharma, ~11% in semis
Primecap-managed funds may underperform common benchmarks for several consecutive calendar years.
Investors should be prepared for this possibility.
POAGX: lagged Russell Mid-Cap Growth from 2018 - 2021
VPMAX: lagged Russell 1000 and S&P 500 from 2019 - 2021
VPCCX: lagged Russell 1000 and S&P 500 from 2018 - 2021
All three funds had top-decile 10 Yr. and 15 Yr. fund category returns through 11/30/2022.
Primecap-managed funds can generate large capital gains distributions
and are best held in tax-deferred or tax-exempt accounts.

If your loss exceed $3,000, the remaining balance gets carry over next year.
Back in 2008, I incurred capital loss that covered next several years. If I would be more patient, these funds would have recovered in several years. In the retrospect, I should be patient just like Warren Buffet.

Excerpt from The Long View podcast episode (published 12/14/2021) featuring Mr. Bengen.
Benz: How about the reverse of that where you believe that equity valuations are notably scary? Would it be advisable to potentially take the equity weighting way down with the assumption that you would ramp it up later on?
Bengen: Yes. And essentially, that's what I'm doing in my portfolio. I'm only about 20% equities right now, because I think evaluations are ridiculous. And if you look at the chart of the CAPE, you'll see that when it reaches these peaks, in 1929, and it did so in the mid-60s, and then around 2000, that there was a sharp decline from that. It may take a number of years for it to happen. But it has always happened historically, and I don't know why this would be any different, the current environment. I just can't predict when it will happen. It will be six months, two years, who knows. But I'm a believer that the mean reversion--if we don't have mean reversion, it means we're in a whole new era and that the historical data doesn't mean really that much. So, I guess we'll have to wait and see.
Link

The Primecap funds have certainly endured a few years of bad luck -- POAGX in particular was perfectly positioned to crater when covid struck as it had outsized stakes in things like airlines and cruise lines. Yet the fund is idiosyncratic, that's for sure. All three of the funds have seen significant redemptions, resulting in large capital gains distributions for several years (worsening tax-adjusted performance). Anyone considering a new investment should take a look at the portfolio and be comfortable with the huge chunk of biotech and pharmaceuticals in there. It's almost a healthcare fund.

Info that @Observant1 provided from Fido is similar to what I have seen at other places too. Please read it carefully. Banks/brokers say that if you share your login with ANYONE, they are no longer responsible. I assume that ANYONE to mean relatives, friends, 3rd party a/c aggregators, etc. Question to ask is who is responsible if something goes wrong?
I think that my discomfort level about 3rd party aggregators rose significantly years ago when in addition to account# and password, they started asking for info on other forms of authentications - images (this system is getting old), authentication codes, etc.
As others have noted, there are risks in anything we do. But I decided that this risk from aggregators isn't worth for me. I do use Portfolio services (old M* Portfolio - offline, new M* Investor, Stock Rover) but there too, I don't link my brokerage accounts and rely on manual update of transactions.

Using Yodlee via Schwab vs. using Yodlee or equivalent directly does not offer any additional security. Yodlee is a cloud based service, it can be hacked directly without needing to hack Schwab.
Note that the account credentials you are providing (either to Schwab or Yodlee directly) are traversing the internet from your machine to Schwab and from Schwab to the aggregator. Yes it is encrypted and all that good stuff but it can be hacked including from bad apple insiders (this is how Capital One was hacked)
In a cloud based world, hacking is a lot easier than the pre-cloud world because of the distributed nature of all services. In the age of the internet, security and privacy are not realistically possible. Over the last 5-7 years at least 5+ of my accounts with large corporations have been hacked -- Target, Capital One, Home Depot, Experian, etc..
Hell LastPass recently got hacked, in effect LastPass is the equivalent of an account aggregator but much worse since it has a lot more confidential stuff than just financial accounts.

Nice work if you can get it: https://propublica.org/article/ken-griffin-citadel-irs-propublica-lawsuit-taxes?utm_source=sailthru&utm_medium=email&utm_campaign=dailynewsletter&utm_content=river

In an April story about the top earning Americans and what taxes they paid, ProPublica reported that Griffin had the fourth-highest income in the country between 2013 and 2018, according to the data. He reported an average annual income of nearly $1.7 billion. Griffin paid a tax rate of 29.2% during these years, a higher rate than many of his hedge fund manager peers but significantly lower than the top marginal income tax rate of around 40%.
That article explained that even though our system is designed to tax the rich at higher rates than everyone else, it doesn’t work that way for those at the apex of the income pyramid. On average, they pay far lower tax rates than the merely affluent do. And even among the top 400 earners, people from certain industries have it better than others: Tech billionaires pay rates well below hedge fund managers.
In response to that article, a spokesperson for Griffin said the tax rates in the IRS data “significantly understate” what Griffin pays, because the rates were lowered by charitable contributions and do not reflect local and state taxes. He also said Griffin pays foreign taxes, which aren’t included in IRS calculations of effective tax rate.
In a second story, ProPublica showed how much Griffin stood to gain from having bankrolled a fight against an income tax increase in his then-home state of Illinois. He spent $54 million fighting that tax. The effort was a success and the increase went down in defeat.
That campaign spending was worth it for Griffin. Based on his past income, the increase could have cost him as much as $80 million in a year. (Subsequently, Griffin moved from Illinois to Florida, which has no state income tax.)
In another series about the IRS, this one in 2018, ProPublica highlighted how the agency was gutted. Congress, driven by Republicans after the Tea Party wave election in 2010, repeatedly cut the IRS budget, resulting in a loss of billions of dollars of funding. Tens of thousands of IRS employees left. Audits, particularly of the wealthiest Americans and the largest corporations, plummeted. Criminal investigations of tax evasion fell dramatically.

Does anybody else use Quicken to download transactions at various brokerages? I have done it for years and believe it is safer, as the passwords remain on your computer and not on Quickens.

@ Old_Joe
I have been tempted for years to use Yodelee or the aggregator ( most also use Yodelee) at one of my four brokerages ( don't ask!) but always shied away, as I could not be convinced that giving them my password was safe.
I have never been able to get them to demonstrate how they limit their ability to access anything other than balances and positions. Your passwords are still stored in their computers and how safe is that?
Ever so often I would google "Yodelee hack" to see if any had occurred. Haven't done it recently
When I asked my broker at Morgan Stanley how safe it is, he said he knew nothing about it and MS had no responsibility. I assume Schwab would say the same thing.
Quicken will download transactions from all brokerages, but the passwords are on your computer and not Quickens. I copy and paste them into the software temporarily just as an added safeguard.
I think this is safer than going through two third party websites
Only recently has Schwab required users specifically certify that this Quicken downloading is acceptable. No one else requires this.
I have been unable to find out is this is due to a security breech, but it is a bit concerning.

Unfortunately Tesla is big enough to be the 4th holding in S&P500 index. Also it is widely held in many large cap growth funds as shown below. Not easily to avoid it in your investment, even ESG funds.
https://finance.yahoo.com/quote/TSLA/holders?p=TSLA
Let’s hope other electric car manufacturers catch-up and displace Tesla in the near future.
China will face challenging business environment with their COVID situation in coming years. They are facing the lack of effective vaccines, dense population density, and the worst COVID policy.

I reduced exposure to China several years ago. Geopolitical risk is increasing lately and globalization is devolving…
Now is a good time to rebalance the portfolio before year end. What a year!

In another current MFO thread the issue of safety with respect to financial account aggregation was raised. It seemed to me that this whole topic might deserve a thread of it's own. I'd sure be interested in hearing a range of opinion on this question. For starters, I did find some information regarding this topic, but nothing that specifically went into much detail on the potential security risks.
Here are a couple of excerpts:

From Investopedia
What is Account Aggregation?
How Account Aggregation Works
Account aggregation usually occurs only within a single financial institution. However, certain assets held outside a financial institution may be included if the account holder has agreed to that.
Many personal finance services offer customers the ability to aggregate data from all of their savings, checking, and brokerage accounts, as well as other financial assets across all the institutions with which they do business. These services usually require that users provide account-access information, such as a username and password, for each of the accounts that they wish to include in the aggregation. Using this information, the service "scrapes" or downloads account balances and other data from each account to include in the aggregation.
However, account aggregation software is often allowed only to access balance information and transaction records. And for security reasons, many aggregation services do not permit users to make transactions from within the service.
In addition to aggregating data from savings, checking, brokerage, and other financial accounts, some aggregation services and software—particularly those used by professional financial advisers on behalf of their clients—aggregate additional net-worth data, such as recent home-value estimates. Account aggregation platforms may also categorize cash inflows and outflows.
From "The Balance"
Account aggregation services only give the software permission to view your account balances and transactions, not make transactions. If you actually want to access your money or move it, you would need to sign in to each account's website.
Additionally, the software draws on many advanced security features. For example, if you are logging on from an unknown computer or device, additional authentication will likely be necessary.

I've used account aggregation at Schwab and First Republic Bank for several years now. I did wonder about the potential security risks, but rationalized that if the risks were significant then large banks and brokerages probably wouldn't involve themselves with the service, especially as it's likely there isn't much profit in it. Maybe I'm being too complacent about all of this.