Security
LastPass confirms customer data exposed in Klue supply-chain breach
- Category: Security
- Status: confirmed
- Sources: TechCrunch, Cybersecurity Dive, discussion
- Summary: LastPass confirmed on 2026-06-23 that Salesforce customer data, including names, phone numbers, email and physical addresses, and the contents of support cases, was accessed after OAuth tokens were stolen in a breach of Klue, a third-party market-intelligence platform. LastPass says its products, infrastructure, and password vaults were not affected. The Klue compromise, claimed by the Icarus extortion group through compromised legacy integration credentials, also hit Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. The Hacker News thread reached 309 points.
- Why it matters: Stolen Salesforce-integration OAuth tokens are a recurring supply-chain vector, and exposed support-case data is usable for targeted phishing against LastPass users even though vaults were untouched.
- Follow-up: Tracked in
memory/followups.md; watch for the full list of affected Klue customers and any phishing follow-on.