LastPass notifies users of yet another data breach - 9to5Mac
Skip to main content
Toggle social menu
Toggle dark mode
Search for:
Submit
Toggle search form
Toggle dark mode
LastPass
LastPass notifies users of yet another data breach
Marcus Mendes | Jun 23 2026 - 2:48 pm PT
3 Comments
LastPass users are once again being warned about stolen personal data, though this time the breach happened through one of the company’s outside partners. Here are the details.
LastPass says password vaults not affected
As reported by TechCrunch, LastPass is emailing users affected by a breach at market research firm Klue, which allowed hackers to access customer information and support case data.
The news came as LastPass shared more information on a blog post, where it explained:
The information accessed was limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data.
LastPass said that upon learning about the incident, the company revoked employee access to Klue, rotated the exposed API tokens, notified law enforcement, and launched “a detailed investigation into the scope of the event, working with our contacts at both Klue and Salesforce.”
The company explains that Klue’s platform integrates with Salesforce and Gong systems.
As a result, LastPass is recommending that customers “remain vigilant of potential phishing attacks or social engineering attempts” leveraging the compromised information. LastPass also shared the following IP addresses and email sender domains associated with the attackers, which companies can use to search for related activity in their systems:
IP Addresses:
138.226.246[.]94
94.154.32[.]160
159.183.215[.]61
159.183.181[.]239
Email Sender Domains:
baccarat.com[.]au
robinskitchen.com[.]au
house.com[.]au
This is the latest in a series of security incidents affecting LastPass. In 2015, hackers obtained account email addresses, password reminders, authentication hashes, and cryptographic salts, although LastPass said encrypted vault data was not accessed.
In 2022, an attacker compromised a developer account and stole source code and technical information. The attacker later used that information to access cloud backups containing customer records and encrypted password vaults, along with unencrypted details such as names, billing addresses, email addresses, and phone numbers.
To learn more about the Klue breach and LastPass’s response, follow this link.
Worth checking out on Amazon
Geoffrey Cain – ‘Steve Jobs in Exile’
David Pogue – ’Apple: The First 50 Years’
MacBook Neo
Logitech MX Master 4
AirPods Pro 3
AirTag (2nd Generation) – 4 Pack
Apple Watch Series 11
Wireless CarPlay adapter
FTC: We use income earning auto affiliate links. More.
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
Featured
from 9to5Mac<br>9to5Mac Logo
All the best Apple Prime Day deals now live [Updated]
Justin Kahn
Jun 23 2026
iPhone 18 Pro: Three new features that already have me excited
Ryan Christoffel
Jun 23 2026
Should the iPhone Air 2 have an ultrawide or telephoto as the second camera? [Poll]
Ben Lovejoy
Jun 23 2026
Apple and Disney had conversations about merging, says Bob Iger
Ryan Christoffel
Jun 23 2026
Check out 9to5Mac on YouTube for more Apple news:
Comments
Expand<br>Close<br>comments
Expand<br>Close<br>comments
Guides
LastPass
Author
Marcus Mendes
https://www.threads.com/mvcmendes
Marcus Mendes is a Brazilian tech podcaster and journalist who has been closely following Apple since the mid-2000s.
He began covering Apple news in Brazilian media in 2012 and later broadened his focus to the wider tech industry, hosting a daily podcast for seven years.