Customers of LastPass are facing potential exposure of their personal information following a recent breach at market research firm Klue. Hackers accessed sensitive data, including names, phone numbers, email addresses, and physical addresses, alongside customer support case records. This incident is part of a broader trend affecting multiple cybersecurity firms, with HackerOne, Recorded Future, and Tanium also reporting similar thefts.
LastPass confirmed that its own systems remained secure, including customer password vaults. The company has over 33 million users, with approximately 1.6 million paying customers as of 2024. Previous breaches have raised concerns about the security of customer support tickets, which may contain sensitive information, including government-issued IDs and credentials.
The breach at Klue was disclosed last week, and although the exact number of affected customers has not been revealed, it marks another significant incident in an ongoing series of data breaches faced by LastPass. The company previously suffered a data compromise in 2022 when hackers stole the entire store of customer password vaults, which can lead to further security risks if not properly managed.