Itdaily - LastPass customer data stolen via Klue hack

LastPass customer data stolen via Klue hack

lastpass

LastPass has also become the victim of a data breach following the hack at marketing platform Klue.

LastPass has informed customers that personal data and information from support files were compromised during a cyberattack on a third-party technology partner. The attack did not target LastPass’s own systems, but rather Klue. In addition to Salesforce data, hackers were also able to obtain customer data from LastPass.

The stolen data originates from market research firm Klue, which announced a data breach last week. Other cybersecurity companies, including HackerOne, Recorded Future, and Tanium, were also affected by the same incident.

Personal data compromised

According to LastPass, attackers gained access to customers’ names, email addresses, phone numbers, and physical addresses. Additionally, data from support tickets and sales-related files were stolen.

The content of the support requests has not been disclosed, but such files can contain sensitive information such as billing issues or identity verification. LastPass emphasizes that its own infrastructure was not compromised and that users’ password vaults were not affected.

Icarus responsible

Klue discovered the breach on June 12. The extortion group Icarus has claimed responsibility and is threatening to make the stolen data public if no ransom is paid.

It is not known how many LastPass customers were affected by the incident. According to the company, LastPass had over 33 million users in 2024, of which approximately 1.6 million were paying customers.