THE CIRCUITRYYour one-stop source for all tech news

Home/Tech/LastPass confirms customer data accessed in Klue supply chain incident

VERIFIEDBy Xavier Rivera· ·1.5 min read

LastPass confirms customer data accessed in Klue supply chain incident

LastPass confirmed that customer names, phone numbers, addresses, support cases, and CRM data stored in Salesforce were accessed after Icarus stole OAuth tokens in the Klue supply chain attack on June 12. Core products, vaults, and Gong data stayed secure while multiple firms face heightened phishing risks.

Source:BleepingComputer

Post

LastPass confirms customer data accessed in Klue supply chain incident

TL;DRAI · 60 sec read

LastPass disclosed that unauthorized parties reached customer information held in its Salesforce setup after obtaining the firm's OAuth tokens during the Klue supply chain attack earlier this month.

LastPass discloses the breach details. The password management company reported becoming aware of the Klue event on June 12 and promptly started an investigation. According to the firm, "an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass." Those credentials reportedly allowed access to LastPass customer data inside the Salesforce environment. The company stressed that its products, services, infrastructure, and customer vaults stayed untouched, with the probe finding no sign of access to Gong-linked records such as calls or emails.

an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.

Exposed data types identified. Information that may have been viewed includes customer names, phone numbers, email addresses, physical addresses, support case details, and sales or CRM-related records. LastPass noted that attackers could exploit these details for phishing or social engineering. The firm urged caution with unexpected calls or messages that seek private information and warned against sharing master passwords with anyone.

From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →

Klue attack linked to Icarus group. The supply chain compromise was claimed by the Icarus extortion group, which breached the AI-powered market intelligence platform and took OAuth tokens used to link customer Salesforce environments. Multiple entities were hit, among them Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. The intruders extracted CRM data and began an extortion effort.

LastPass noted that attackers could exploit these details for phishing or social engineering.

Response measures and warnings issued. LastPass has cut employee access to Klue, rotated the exposed API and OAuth tokens, and contacted law enforcement as the inquiry proceeds. The company cautioned that the operators are sending messages from domains such as baccarat.com[.]au, robinskitchen.com[.]au, and house[.]com.au, adding that only official support channels can be trusted.

Broader implications for supply chain risks. Security teams continue to examine third-party integration weaknesses that tie into enterprise CRM platforms. The incident also affected other organizations beyond LastPass.

EXPERT TAKE

This incident underscores the persistent danger of OAuth token theft in supply chain compromises, where a single compromised integration can expose Salesforce data across dozens of security vendors without touching core product systems.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported

DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee

LastPass DataBreach SupplyChainAttack Cybersecurity

MORE IN TECH

Tesla acknowledges Full Self-Driving was active before fatal Texas home crash

Tesla confirms its Full Self-Driving system was engaged when a Model 3 accelerated to 73 mph off a Katy, Texas, residential road and into a home, killing a 76-year-old woman. The company blames the driver for manually overriding at 100 percent accelerator pressure and questions its own liability.

Tech Selloff Spreads Globally as Futures Slide

U.S. stock futures dropped sharply Tuesday morning as a technology selloff spread from Wall Street to Asia and Europe. Major semiconductor names, storage stocks, and SpaceX led the declines while benchmark indexes across the globe closed lower.

Oracle's workforce shrinks by 21,000 amid AI-driven restructuring

Oracle reduced its global headcount by 21,000 to approximately 141,000 as of May 31, 2026, citing AI adoption among the factors. The job cuts freed resources for data-center construction serving clients including OpenAI and mirror similar workforce reductions at Microsoft and Meta.