LastPass confirms data breach after hacker compromises supply chain — here's what we know


  • LastPass confirmed a supply chain breach via Klue, where stolen OAuth tokens let attackers access its Salesforce environment
  • Customer names, contact details, and CRM data were exposed, but master passwords were not; phishing risk remains high
  • Threat actor Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity also impacted

Password manager LastPass confirmed that it lost sensitive customer data in a supply chain attack that struck a third party.

As LastPass explained in a newly released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with its Salesforce and Gong systems. After obtaining the OAuth tokens Klue held for its customers, the attackers were able to access LastPass’ Salesforce environment and exfiltrate sensitive data stored there.

“On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates with our Salesforce and Gong systems,” LastPass said.

Compromising names and emails

“We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.”

“The threat actor then used these credentials to access LastPass customer data within our Salesforce environment.”

Further in the report, the password manager said the attackers most likely accessed customer names, phone numbers, email addresses, postal addresses, support case information, and sales/CRM-related data.

Passwords, including the master password, were most likely not exposed. However, criminals can use the data they obtained to launch phishing attacks, through which they might trick victims into sharing those secrets as well.

LastPass is now urging customers to remain vigilant and be careful with incoming messages, particularly those claiming to come from the company.

According to BleepingComputer, the Klue supply chain attack was claimed by a threat actor called Icarus, which apparently used compromised legacy credentials for an integration service to breach the intelligence platform.

Besides LastPass, a number of other organizations are affected as well, the publication further reported, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. LastPass has now disabled employee access to Klue.

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
