LastPass Data Breach: Klue Supply Chain Attack Exposes Customer Info


LastPass revealed that unauthorized entities exploited OAuth tokens compromised during a supply chain attack targeting Klue, a market intelligence platform, to access customer data stored in its Salesforce environment.

Overview of the Breach

LastPass disclosed that on June 12, it became aware of an incident involving Klue, a third-party service used by its go-to-market teams for integration with Salesforce and Gong systems. An investigation determined that an unauthorized actor obtained OAuth tokens held by Klue for multiple customers, including the company itself.

Details of the Incident

The breach was confined to systems connected to Klue’s platform and did not impact LastPass’s products, services, infrastructure, or customer vaults. Exposed data included standard business contact information and CRM records such as customer names, phone numbers, addresses, physical locations, support case details, and sales-related data.

Response and Mitigation

LastPass terminated employee access to Klue, rotated compromised API tokens, and collaborated with Klue and Salesforce to investigate the incident. Law enforcement was notified, and indicators of compromise, including IP addresses and sender domains, were disclosed.

Previous Breach and Ongoing Risks

LastPass previously experienced a significant breach in 2022, in which attackers accessed customer password vault backups. Three years later, TRM Labs linked cryptocurrency thefts to credentials obtained from these stolen vaults, with on-chain evidence suggesting potential involvement by Russian-speaking threat actors.

Impact on Third-Party Vendors

The Klue breach triggered disclosures from multiple security vendors, including Huntress, which described the incident as a “security domino effect” stemming from a compromised integration credential that led to data theft across connected platforms like Salesforce. Other affected entities, such as Recorded Future, Tanium, and Jamf, also issued statements detailing their exposure.

Extortion Group Claims Responsibility

An extortion group named “Icarus,” active since late April 2026, claimed responsibility for the attack on its data leak site. Klue CEO Jason Smith stated that the incident was restricted to affected third-party platforms and that no customer data stored within Klue’s system was compromised.

“The incident was restricted to affected third-party platforms and no customer data stored within Klue’s system was compromised,” said Klue CEO Jason Smith.

Industry Warnings and Recommendations

Huntress noted that Icarus is likely to continue leaking data from compromised organizations and exert pressure for ransom payments. Klue did not disclose whether it had engaged with the attackers or planned to negotiate. The incident highlights the risks of supply chain vulnerabilities, with attackers leveraging compromised credentials to infiltrate interconnected systems.

Call to Action for Organizations

Organizations are urged to review their third-party integrations and strengthen access controls to mitigate similar risks. LastPass warned that this information could be leveraged for phishing or social engineering campaigns and advised customers to remain vigilant against unsolicited communications, emphasizing that the company would never request master passwords.


