Industry - Data Breach
Executive Summary
LastPass confirmed that hackers accessed customer data from its Salesforce environment after stealing OAuth tokens in a supply chain attack on Klue, a third-party market intelligence platform used by LastPass employees. The breach exposed customer names, phone numbers, email addresses, physical addresses, support case details, and sales data, though LastPass password vaults were not compromised. Users are warned to watch for phishing attempts using the stolen information, and LastPass emphasi...
What Happened
On June 12, 2026, LastPass disclosed that hackers accessed customer data from its Salesforce environment following a supply chain attack on Klue, a third-party market intelligence platform used by LastPass employees. The attacker, identified as the Icarus extortion group, compromised Klue's infrastructure using legacy credentials from an old integration service and stole OAuth tokens that connected Klue to customers' Salesforce systems. The exposed data includes customer names, phone numbers, email addresses, physical addresses, support case details, and sales-related CRM data, though LastPass password vaults and the company's core infrastructure were not affected.
Who Is Affected
LastPass customers whose contact and account information was stored in the company's Salesforce CRM are affected. The breach also impacted customers of at least seven other organizations that used Klue's platform, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, Huntress, and Insurity. Affected individuals face increased risk of targeted phishing attacks and social engineering scams using their stolen contact details and support case information.
Why It Matters
This incident represents the third major OAuth-token supply chain attack since August 2025, exposing a systemic vulnerability in how connected third-party applications access corporate CRM systems. The breach is particularly significant because it affected multiple cybersecurity companies simultaneously through a single compromised vendor, demonstrating that legacy or forgotten credentials in SaaS integrations create large-scale attack surfaces that are rarely monitored. For LastPass specifically, this marks another security incident following previous breaches, potentially eroding customer trust in a service designed to protect sensitive password data.
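The systemic point above is that OAuth grants held by third-party integrations tend to outlive the integration, its owner, or both, and nobody is looking at them. One defensive control is a periodic audit of the tenant's connected-app grants that flags stale, orphaned, decommissioned or over-scoped tokens for revocation. The script below is an added example, not code from the page or from LastPass, Klue or Salesforce; the inventory format, the app names, the scope names and the 90-day staleness threshold are assumptions for the demo, and a real run would read the same fields from the platform's own connected-app or OAuth-grant export.

```python
"""Audit of OAuth grants held by third-party integrations against a SaaS
tenant such as a CRM, flagging the forgotten or over-privileged access
that a vendor compromise can turn into bulk data access.

Added illustrative example. The inventory shape, app names and threshold
are constructed for this demo, not taken from any vendor's export format.
"""
from datetime import datetime, timedelta, timezone

# Constructed inventory, in the shape a tenant admin might export from a
# connected-app / OAuth-grant report. All values are made up.
SAMPLE_GRANTS = [
    {"app": "market-intel-sync", "owner": "sales-ops",
     "scopes": ["api", "refresh_token"],
     "last_used": "2026-06-10T08:00:00Z", "integration_active": True},
    {"app": "legacy-lead-importer", "owner": "",
     "scopes": ["full", "refresh_token"],
     "last_used": "2025-09-01T12:00:00Z", "integration_active": False},
    {"app": "support-dashboard", "owner": "cs-team",
     "scopes": ["api"],
     "last_used": "2026-06-11T15:30:00Z", "integration_active": True},
    {"app": "bi-export", "owner": "data-eng",
     "scopes": ["api", "refresh_token"],
     "last_used": "2026-01-15T09:00:00Z", "integration_active": True},
]

# Scope names are assumed for the demo. A refresh_token-style scope matters
# because a stolen refresh token yields persistent access without any user
# re-authenticating; a "full" scope gives broad read access to CRM data.
HIGH_RISK_SCOPES = {"full", "refresh_token"}
STALE_AFTER = timedelta(days=90)   # assumed review threshold
DEMO_NOW = "2026-06-12T00:00:00Z"  # audit date used by run_demo()


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_grants(grants, now, stale_after=STALE_AFTER):
    """Return [(app, [reasons])] for every grant that deserves review.

    Reasons: stale (unused longer than stale_after), orphaned (no owning
    team), decommissioned (integration inactive but grant still exists),
    high_risk_scope:<scopes> (grant carries a broad or token-minting scope).
    """
    findings = []
    for g in grants:
        reasons = []
        if now - parse_ts(g["last_used"]) > stale_after:
            reasons.append("stale")
        if not g.get("owner"):
            reasons.append("orphaned")
        if not g.get("integration_active", True):
            reasons.append("decommissioned")
        risky = HIGH_RISK_SCOPES & set(g["scopes"])
        if risky:
            reasons.append("high_risk_scope:" + ",".join(sorted(risky)))
        if reasons:
            findings.append((g["app"], reasons))
    return findings


def revocation_candidates(findings):
    """Grants to revoke outright rather than merely review: anything that
    is stale, orphaned or belongs to a decommissioned integration."""
    hard = {"stale", "orphaned", "decommissioned"}
    return sorted(app for app, reasons in findings if hard & set(reasons))


def run_demo():
    """Run the audit over the constructed inventory as of DEMO_NOW."""
    findings = audit_grants(SAMPLE_GRANTS, parse_ts(DEMO_NOW))
    return findings, revocation_candidates(findings)


if __name__ == "__main__":
    findings, revoke = run_demo()
    for app, reasons in findings:
        print(f"{app}: {', '.join(reasons)}")
    print("revoke:", revoke)
```

Two of the four constructed grants come out as revocation candidates: the decommissioned importer with no owner, and a live integration whose token has not been used in months. The active grants that carry a refresh-token scope are reported too, not for revocation, but so that the owning team knows a vendor compromise on that side would give persistent API access to the tenant.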
What You Should Do
Be extremely cautious of unsolicited phone calls or emails claiming to be from LastPass or related to your account, especially those requesting personal information or account credentials. Never share your LastPass master password with anyone, as the company states it will never ask for this information. Only trust communications coming through LastPass's official support channels, and be wary of messages from suspicious domains including baccarat.com.au, robinskitchen.com.au, and house.com.au, which the company identified as potentially associated with the attackers.
Summary generated from verified sources and reviewed before publication.