LastPass confirmed that customer contact and support data was exposed in a supply chain breach involving Klue, after attackers stole OAuth tokens and used them to access Salesforce records. The company says its vaults and infrastructure were not affected, while the incident also impacted other Klue customers including Recorded Future, Tanium, Jamf, and Sprout Social. #LastPass #Klue #Salesforce #Icarus
Keypoints
- LastPass confirmed data theft tied to the Klue supply chain breach.
- Stolen OAuth tokens were used to access Salesforce through a trusted integration.
- Exposed data included names, emails, phone numbers, addresses, and support records.
- LastPass says customer vaults and internal infrastructure were not compromised.
- Other affected Klue customers include Recorded Future, Tanium, Jamf, and Sprout Social.
Read More: https://securityonline.info/lastpass-klue-breach/