GoKawiilLastPass users are once again being warned about stolen personal data, though this time the breach happened through one of the company’s outside partners. Here are the details.
LastPass says password vaults not affected
As reported by TechCrunch, LastPass is emailing users affected by a breach at market research firm Klue, which allowed hackers to access customer information and support case data.
The news came as LastPass shared more information on a blog post, where it explained:
The information accessed was limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data.
LastPass said that upon learning about the incident, the company revoked employee access to Klue, rotated the exposed API tokens, notified law enforcement, and launched “a detailed investigation into the scope of the event, working with our contacts at both Klue and Salesforce.”
The company explains that Klue’s platform integrates with Salesforce and Gong systems.
As a result, LastPass is recommending that customers “remain vigilant of potential phishing attacks or social engineering attempts” leveraging the compromised information. LastPass also shared the following IP addresses and email sender domains associated with the attackers, which companies can use to search for related activity in their systems:
IP Addresses: 138.226.246[.]94
94.154.32[.]160
... continue reading