• Category: Security
  • Status: confirmed
  • Sources: LastPass blog, SecurityWeek, BleepingComputer, HN
  • Summary: LastPass said it learned on 2026-06-12 of a breach at Klue, a third-party market-intelligence platform its go-to-market teams use that integrates with Salesforce and Gong. An attacker obtained OAuth tokens Klue held for many of its customers and used them to pull LastPass customer data from its Salesforce environment. The exposed data is limited to business contact and CRM records (customer names, phone numbers, email and physical addresses) plus support-case and sales data; LastPass says its products, infrastructure, and customer vaults were not affected. SecurityWeek reports BeyondTrust was hit in the same Klue incident, and that a threat actor calling itself Icarus used a compromised legacy credential to generate OAuth tokens against integrated SaaS platforms.
  • Why it matters: It is another OAuth-token-theft supply-chain campaign against SaaS integrations, the same pattern as earlier Salesforce-connected app token compromises, exposing downstream customer data without touching the victim's core product.
  • Follow-up: Track the full set of Klue customers affected, phishing follow-on against exposed contacts, and any token-scope or rotation guidance from Salesforce-integrated vendors.

Send feedback on this story