LastPass confirmed that customer information was stolen in a cyberattack targeting Klue, a third-party competitive intelligence platform used by the password management company. The incident highlights the growing cybersecurity risks associated with software supply chains and third-party integrations.
Klue indicated that its systems were compromised and that OAuth tokens were harvested, giving the attackers the ability to access its customers' environments. Those tokens were used to access the Salesforce instance that hosted LastPass customer information. Cybersecurity analysts say that such information can be used by attackers to carry out phishing, impersonation, and other social engineering attacks.
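The attack path above reuses a vendor integration's OAuth token against the customer's CRM, so the token itself looks legitimate and only its behaviour gives it away. The following added example (not from the article, LastPass, Klue or Salesforce) shows how a defender can baseline a connected app's source network and read volume and flag deviations; the event schema, the app name "klue-connector", the IP ranges and the thresholds are all assumed, and the sample events are constructed.

```python
"""Detect misuse of a third-party integration's OAuth token (added example).

The event format below is an assumed, simplified schema, not the real
Salesforce event-monitoring format; field names are illustrative.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed per-integration baseline: the vendor's known egress ranges and the
# largest hourly read volume seen during normal operation (hypothetical values).
BASELINE = {
    "klue-connector": {"egress": ["203.0.113.0/24"], "max_rows_per_hour": 500},
}

# Constructed sample API-access events using documentation IP ranges.
SAMPLE_EVENTS = [
    {"app": "klue-connector", "ip": "203.0.113.7",   "hour": "2025-03-01T09", "rows": 120},
    {"app": "klue-connector", "ip": "203.0.113.7",   "hour": "2025-03-01T10", "rows": 90},
    {"app": "klue-connector", "ip": "198.51.100.44", "hour": "2025-03-01T23", "rows": 4800},
]


def _from_known_egress(ip: str, ranges) -> bool:
    """True if the source address falls inside one of the baseline CIDR ranges."""
    addr = ip_address(ip)
    return any(addr in ip_network(r) for r in ranges)


def find_token_misuse(events, baseline=BASELINE):
    """Return (app, hour, reason) findings for events that deviate from baseline."""
    findings = []
    rows_per_hour = defaultdict(int)
    for ev in events:
        profile = baseline.get(ev["app"])
        if profile is None:
            # A connected app nobody baselined is itself worth a look.
            findings.append((ev["app"], ev["hour"], "unknown connected app"))
            continue
        if not _from_known_egress(ev["ip"], profile["egress"]):
            findings.append((ev["app"], ev["hour"],
                             f"token used from unexpected source {ev['ip']}"))
        key = (ev["app"], ev["hour"])
        rows_per_hour[key] += ev["rows"]
        if rows_per_hour[key] > profile["max_rows_per_hour"]:
            findings.append((ev["app"], ev["hour"], "bulk read exceeds baseline"))
    return findings


if __name__ == "__main__":
    for finding in find_token_misuse(SAMPLE_EVENTS):
        print(*finding)
```

Both checks fire only on the late-night event from an address outside the vendor's range, which is the pattern a stolen integration token tends to produce.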
Reportedly, the attackers accessed customer data stored in Salesforce. The leaked data may include names, email addresses, phone numbers, billing information, organizational details, and customer service interactions.
Although the company hasn’t provided any specifics on how many customers have been affected by this data breach, it is currently notifying affected customers and investigating the incident.
LastPass further explained, “Password management products, services, and internal infrastructure were not compromised during the incident. Customer vaults remain secure, and there’s no evidence that attackers accessed information through its Gong integration.”
The firm noted that its critical infrastructure was not compromised during the incident. According to LastPass's official website, there is no evidence that the attackers were able to penetrate the vaults containing the encrypted credentials and master passwords.
Moreover, the production environment was not affected by the breach. LastPass stated that customer vault data remains protected by its encryption architecture despite the exposure of certain customer account information.
This event is another example of a supply chain cyberattack targeting one of the top players in the technology industry. Hackers often target software companies since a single security breach can give them access to multiple companies' infrastructure. Reports have linked the broader Klue compromise to the Icarus extortion group.