Following a data breach involving the market research firm Klue, users of LastPass are being alerted to potential risks regarding their personal information. The breach permitted unauthorized access to customer information and support case data.
LastPass has begun notifying affected users via email, detailing that the compromised data includes customer names, phone numbers, email addresses, and physical addresses, alongside some sales-related information. In response to the incident, LastPass swiftly revoked employee access to Klue, rotated API tokens, and initiated a thorough investigation while collaborating with law enforcement.
The platform used by Klue integrates with both Salesforce and Gong systems, prompting LastPass to advise users to stay alert for phishing attempts that may exploit the stolen data. The company has also shared specific IP addresses and email domains linked to the attackers so that businesses can monitor for related activity.
This breach marks another security challenge for LastPass, following previous incidents in 2015 and 2022, which involved unauthorized access to user accounts and sensitive data.