BlockBeats News, June 24: password management tool LastPass announced that its third-party market intelligence platform, Klue, experienced a security incident. Hackers stole OAuth tokens held by Klue, including LastPass's, and used these tokens to access LastPass's Salesforce CRM system. This resulted in the potential exposure of some customer business contact information and CRM data, including customer names, phone numbers, email addresses, home addresses, and support case details.
Official reminder: LastPass's products, services, infrastructure, and customer password vaults were not affected. Data in the Gong system was also not accessed. LastPass took immediate action, including halting employee access to Klue, rotating exposed API tokens, conducting a thorough investigation in collaboration with Klue, Salesforce, and law enforcement, sharing threat intelligence with the security community via the TIME team, and enhancing future protections. Users are advised to remain vigilant against phishing emails, calls, or social engineering attacks that may exploit the leaked information, and to remember that LastPass will never ask for the master password. All official communications are sent through trusted channels.
