TL;DR: LastPass customer names, emails, phone numbers, and support case data were stolen after hackers breached vendor Klue and used OAuth tokens to access Salesforce.
LastPass is notifying customers that their personal information and customer support case data were stolen after hackers breached Klue, a competitive intelligence vendor that held OAuth tokens granting access to LastPass’s Salesforce environment. The breach did not compromise LastPass’s own infrastructure or its customers’ encrypted password vaults. The stolen data includes names, phone numbers, email addresses, physical addresses, and the contents of customer support interactions.
Klue disclosed the breach on June 12, when CEO Jason Smith confirmed that attackers had gained access to OAuth tokens the company held on behalf of its customers. Those tokens provided authenticated access to Salesforce environments where companies like LastPass store customer relationship and support data. The hackers used the stolen tokens to extract records from multiple organisations simultaneously.
A hacking and extortion group called Icarus claimed responsibility for the attack, threatening to release the stolen data unless affected companies paid a ransom. LastPass has not disclosed how many customers were affected but said it is notifying those whose information was compromised. The company has approximately 33 million users and more than one million paying customers as of its most recent public figures.










