BeyondTrust, LastPass Impacted by Klue-Salesforce Incident

LastPass is the latest cybersecurity firm to have disclosed the impact from the Klue hack, which resulted in unauthorized access to customers’ Salesforce instances.

A threat actor calling itself Icarus used a compromised legacy credential to access Klue’s systems and generate OAuth tokens to breach third-party platforms Klue integrates with, such as Salesforce.

Icarus then accessed the connected Salesforce instances and exfiltrated data in bulk, using automated scripts. Salesforce and Gong have disabled the Klue integration in response to the attack, and over a dozen organizations have already confirmed the impact.

Incident notifications from the affected companies reveal that the attackers accessed business data accessible through the Klue integration, and that no internal systems were compromised.

LastPass’s notice follows the same lines: “The information accessed was limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data.”