LastPass, a password manager maker, is informing customers about a recent security breach at Klue, a third-party market intelligence platform, and how it affects them, according to a recent blog post.
Fast Company has reached out to LastPass for additional information.
LastPass, a subsidiary of Boston-based LogMeIn that creates and stores complex passwords in encrypted wallets, is one of several cybersecurity companies affected by the Klue hack, which also includes Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium, per TechCrunch.
Here’s what to know.
What happened?
On June 12, Klue informed LastPass of the data breach, and upon immediately launching an investigation, learned that “an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.”
Klue’s platform integrates with both Salesforce and Gong systems.
The hackers used these credentials to access LastPass customer data “within [its] Salesforce environment . . . and the exposed Klue OAuth tokens have since been rotated.” (Salesforce databases can be a target for hackers because many companies store customer information there, according to TechCrunch.)
LastPass confirmed the hackers were able to steal sensitive customer data such as “names, phone numbers, email addresses, physical addresses, as well as support case data and sales-related data” from Klue.
However, “LastPass products, services, and infrastructure were not impacted in any way, and customer vaults remain secure,” it says.
The incident comes just four years after LastPass’ previous data breach. In 2022, hackers stole its customers’ encrypted passwords, which resulted in a payout of $24.5 million to those affected, per PCMag.
What LastPass customers can do
LastPass recommends customers remain vigilant for potential phishing attacks or social engineering attempts, which could leverage exposed contact details. Always exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information.
The company also shared the following IP addresses and email sender domains associated with the attack:
IP addresses:
- 138.226.246[.]94
- 94.154.32[.]160
- 159.183.215[.]61
- 159.183.181[.]239
Email sender domains:
- baccarat.com[.]au
- robinskitchen.com[.]au
- house.com[.]au
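One way a mail administrator could check gateway logs against the indicators above, written as an added example (it is not code from LastPass, Klue or Fast Company); the key=value log format and the sample lines are constructed for illustration:

```python
import re

# Indicators exactly as LastPass published them (defanged with "[.]").
PUBLISHED_IPS = ["138.226.246[.]94", "94.154.32[.]160",
                 "159.183.215[.]61", "159.183.181[.]239"]
PUBLISHED_DOMAINS = ["baccarat.com[.]au", "robinskitchen.com[.]au", "house.com[.]au"]

def refang(indicator):
    """Turn a defanged indicator ('1.2.3[.]4', 'hxxp://') back into its real form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

IOC_IPS = {refang(i) for i in PUBLISHED_IPS}
IOC_DOMAINS = {refang(d) for d in PUBLISHED_DOMAINS}

def sender_domain(address):
    """Lowercased domain part of an e-mail address, or None if there is none."""
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower().strip(">")

def match_log_line(line):
    """Return (kind, indicator) hits for one mail-gateway log line.
    Assumed (constructed) log format: space-separated key=value fields,
    e.g. 'src=<connecting IP> from=<envelope sender>'."""
    hits = []
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    src = fields.get("src")
    if src in IOC_IPS:
        hits.append(("ip", src))
    dom = sender_domain(fields.get("from", ""))
    if dom:
        # Match the listed domain itself or any subdomain of it.
        for ioc in IOC_DOMAINS:
            if dom == ioc or dom.endswith("." + ioc):
                hits.append(("domain", ioc))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := match_log_line(line))]

# Constructed sample log: one benign line, three that touch published indicators.
SAMPLE_LOG = [
    "2024-06-13T09:14:02Z src=203.0.113.7 from=newsletter@example.org subject=Weekly_update",
    "2024-06-13T09:15:41Z src=94.154.32.160 from=support@mail.house.com.au subject=Verify_account",
    "2024-06-13T09:16:05Z src=198.51.100.22 from=billing@baccarat.com.au subject=Invoice",
    "2024-06-13T09:17:30Z src=159.183.181.239 from=hr@example.com subject=Update_your_details",
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

Matches on the connecting IP and on the sender domain are reported separately, so a message can produce two hits when both indicators apply.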
Customers who have additional questions can contact support.lastpass.com or securitydisclosure@lastpass.com.
