RSS

LastPass confirms data breach in Klue supply chain attack

thm1 pts0 comments

LastPass confirms data breach in Klue supply chain attack

Home<br>News<br>Security<br>LastPass confirms data breach in Klue supply chain attack

LastPass confirms data breach in Klue supply chain attack

By Bill Toulas

June 23, 2026

09:58 AM

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month.

The password management platform says its products, services, and infrastructure were not affected by the incident and that customer vaults remained secure.

&ldquo;On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates with our Salesforce and Gong systems,&rdquo; LastPass says.

"We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.&rdquo;

&ldquo;The threat actor then used these credentials to access LastPass customer data within our Salesforce environment.&rdquo;

The investigation into the incident did not reveal any evidence that the attacker accessed Gong-related data, which typically includes customer calls and emails.

According to LastPass, the following data may have been exposed:

Customer names

Phone numbers

Email addresses

Physical addresses

Support case information

Sales/CRM-related data

Attackers may leverage the above information in phishing and social engineering attacks. The general recommendation for users is to be cautious of unsolicited communications over the phone or email, especially those that request sensitive details. The master password should not be shared with anyone.

The Klue supply chain attack was claimed by the Icarus extortion group, who compromised the infrastructure of the AI-powered market intelligence platform and stole OAuth tokens that connected customers' Salesforce environments.

Icarus hackers gained access to Klue's infrastructure using compromised legacy credentials for an integration service. This gave them access to OAuth tokens that connected Klue to various third-party services.

The incident impacted multiple organizations, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity.

The threat actor exfiltrated Customer Relationship Management (CRM) data and launched an extortion campaign.

LastPass has disabled employee access to Klue, rotated the exposed API/OAuth tokens, and notified law enforcement while the investigation is underway.

The company also warned about the threat actors using the sender domains baccarat.com[.]au, robinskitchen.com[.]au, house[.]com.au, noting that only communications from the official support channels should be trusted.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.<br>The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Related Articles:

Klue OAuth breach victim list grows as Icarus hackers claim attack<br>Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks<br>ShapedPlugin update flow hacked to infect WordPress sites<br>OptinMonster WordPress plugin hacked in CDN supply-chain attack<br>Infinite Campus data breach affects 137,000 school staff accounts

Customer Data

Data Breach

Klue

LastPass

OAuth Tokens

Salesforce

Supply Chain

Supply Chain Attack

Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article

Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Upcoming Webinar

Popular Stories

New Prinz Eugen ransomware prioritizes recent files for encryption

Microsoft links Mastra AI supply chain attack to North Korean hackers

AryStinger botnet infected thousands of D-Link routers worldwide

Sponsor Posts

Microsoft 365 doesn’t fully protect your data. See how Acronis Cyber Protect fills the gap.

Prove any CVE is exploitable without firing an exploit. Read the TTP-chaining guide.

Overdue a password health-check? Audit your Active Directory for free

Don't just map the problem with AI agent sprawl, fix it.

CTI Starter Kit + 2026 SANS CTI Survey

Upcoming Webinar

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...

SUBMIT

data klue lastpass attack breach supply

Related Articles

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering

Apertus – Open Foundation Model for Sovereign AI

T-A16 ptsopen model apertus foundation sovereign fully
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.