Published 1 day ago • loading... • Updated 9 hours ago

LastPass User Data Stolen by Hackers Again

LastPass is warning users about a data breach involving partner Vancouver-based Klue, which detected the incident on June 12 and disclosed it last Friday, exposing customer information and support case data.
Klue confirmed hackers used a legacy credential dating to 2022 from a limited pilot program to infiltrate its systems, exploiting OAuth tokens to access customer data stored in external clouds and databases.
A hacking group called Icarus claimed responsibility for the breach, threatening to release stolen CRM data, support cases, and business contact information including customer names, phone numbers, and email addresses if ransom demands go unpaid.
After learning of the incident, LastPass revoked employee access to Klue and rotated exposed API tokens, while recommending customers "remain vigilant of potential phishing attacks or social engineering attempts."
Klue spokesperson Katie Berg stated the company is conducting a "comprehensive review of credential management, vendor-access controls, monitoring capabilities, and deployment security processes," though questions remain as the investigation continues.

Insights by Ground AI

Podcasts & Opinions

Podcast Mention

CyberWire Daily

Daily Cybersecurity and Tech News podcast featuring Dave Bittner, Rick Howard and David Moulton

Klue me in on the breach.

CyberWire Daily discuss LastPass–Klue breach exposing customer contact and support-case data while password vaults remain secure

5 hours ago

Listen to Full Episode Full Episode Unlock Timestamp

Get Vantage — Podcasts, Ratings, Timestamps

Podcasts & Opinions

34 Articles

Mashable

Left

LastPass data breach confirmed: Everything we know so far

A security breach at a third-party vendor has exposed customer data belonging to LastPass, the company confirmed this week, in the latest incident to put the beleaguered password manager back in the spotlight.LastPass confirmed this week that hackers gained access through a company called Klue, a market intelligence tool that LastPass uses internally to track competitors and manage sales relationships. According to LastPass, an unauthorized acto…

10 hours ago·New York, United States

Read Full Article

ZDNet

Center

LastPass hit by new data breach - 4 steps you should take now

A third-party supplier breach has exposed LastPass customer names, phone numbers, and other data. Here's how to protect yourself.

11 hours ago·New York, United States

Read Full Article

Tech Spot

Center

LastPass customer names, emails, and support records stolen in third-party breach, vaults unaffected

The good news for anyone still using LastPass after its previous security disasters is that this was not a compromise of the company's password manager infrastructure. LastPass says customer vaults remain secure, and its products and services were not affected.Read Entire Article

12 hours ago

Read Full Article

PC Mag

Lean Left

LastPass Breached Once Again, Hackers Gain Access to Sensitive Customer Data

Though the breached occurred at a third-party service provider, hackers used that access to steal LastPass customers' contact info and physical addresses.

14 hours ago·New York, United States

Read Full Article

Sapo

Lean Right

LastPass Falls Back Into the Hands of Hackers! Stolen Customer Data

LastPass has suffered another data breach. Cybercriminals have explored a vulnerability in Klue, a company service provider, to access customer information about the password manager.

17 hours ago·Portugal

Read Full Article

Digital Trends

Center

LastPass suffers another data breach, but this time your password vault is safe

LastPass has confirmed that customer names, contact details, and support case records were exposed in a breach at Klue, though the company says password vaults remain secure.

18 hours ago·Portland, United States

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year