LastPass says Klue supply-chain breach exposed some customer and support data

LastPass user data stolen by hackers again

Password manager LastPass says a supply chain attack involving third-party vendor Klue exposed customer contact and support information, though customer vaults and stored credentials were not affected.Exposed customer data could fuel phishing attacksAn unauthorized actor accessed LastPass's Salesforce environment using OAuth tokens stolen from third-party vendor Klue. The breach exposed sensitive customer details including names, phone numbers, and support records.The incident was limited to systems integrated with Klue and didn't affect LastPass products, infrastructure, or services.Klue disclosed on June 22 that someone gained access through a compromised legacy credential tied to an integration service. The intrusion led to the theft of OAuth tokens used to connect Klue with third-party platforms, including Salesforce. Continue Reading on AppleInsider | Discuss on our Forums

20 hours ago

LastPass says hackers stole customer data through a supply chain breach at Klue

LastPass is notifying customers that their personal information and customer support case data were stolen after hackers breached Klue, a competitive intelligence vendor that held OAuth tokens granting access to LastPass’s Salesforce environment. The breach did not compromise LastPass’s own infrastructure or its customers’ encrypted password vaults. The stolen data includes names, phone numbers, email […] This story continues at The Next Web

22 hours ago

LastPass confirms data breach in Klue supply chain attack

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]

1 day ago