Credit: Joe Hindy / Android Authority
TL;DR
- LastPass suffered another data incident, but this time the breach originated from third-party vendor Klue rather than LastPass itself.
- Hackers stole OAuth tokens from Klue, giving them access to connected Salesforce and Gong environments used by LastPass.
- Exposed information includes customer names, contact details, support case records, physical addresses, and some sales data.
LastPass is dealing with yet another security incident, but this time, the company says the problem came from one of its vendors, rather than the infamous breaches it has suffered in the past.
The company has confirmed in a blog post that hackers accessed some customer information after compromising Klue, a third-party competitive intelligence platform used by LastPass’ go-to-market teams. LastPass said it first became aware of the incident on June 12. In an investigation, it was found that attackers gained access to OAuth tokens stored by Klue, which gave them access to connected services used by several customers, including LastPass. The compromised integrations linked Klue to Salesforce and Gong environments used by LastPass.
​Â
