LastPass Exposes Customer Data in Klue Breach as OAuth Tokens, Not Vaults, Were Compromised
3 articles · Updated · ZDNet · Jun 24
Summary
LastPass said a breach at third-party supplier Klue exposed customer contact and CRM data—including names, phone numbers, email and physical addresses—while master passwords and password vaults were not affected.
Klue discovered the intrusion on June 12 after attackers stole OAuth tokens used to connect Klue with Salesforce and Gong, then used those tokens to pull LastPass customer data from Salesforce.
LastPass cut employee access to Klue, refreshed exposed tokens, opened an investigation with Klue and Salesforce, and said it is working with law enforcement and sharing indicators with the cybersecurity community.
Icarus ransomware claimed responsibility and threatened to publish stolen data if Klue did not pay; TechCrunch reported other affected companies include Gong, Jamf, HackerOne, OneTrust, Snyk and Tanium.
LastPass urged users to watch for phishing and social-engineering attempts, and the incident revives scrutiny after the company’s 2022 breaches exposed customer information in a separate attack chain.