
Another LastPass security breach traces back to a compromised vendor

Why This Matters

The recent LastPass security incident highlights the growing importance of third-party vendor security, as breaches originating from external partners can compromise customer data without directly affecting the primary service. This underscores the need for robust third-party risk management strategies in the tech industry to protect consumer information and maintain trust. For consumers, it emphasizes the importance of monitoring their data and understanding that security breaches can extend beyond the primary service providers.

Key Takeaways

Joe Hindy / Android Authority

TL;DR: LastPass suffered another data incident, but this time the breach originated from third-party vendor Klue rather than LastPass itself.

Hackers stole OAuth tokens from Klue, giving them access to connected Salesforce and Gong environments used by LastPass.

Exposed information includes customer names, contact details, support case records, physical addresses, and some sales data.

LastPass is dealing with yet another security incident, but this time, the company says the problem came from one of its vendors rather than from its own systems, unlike the well-known breaches it has suffered in the past.

The company has confirmed in a blog post that hackers accessed some customer information after compromising Klue, a third-party competitive intelligence platform used by LastPass’ go-to-market teams. LastPass said it first became aware of the incident on June 12. Its investigation found that the attackers obtained OAuth tokens stored by Klue, which granted access to the connected services of several Klue customers, including LastPass. In LastPass’ case, the compromised integrations linked Klue to the Salesforce and Gong environments the company uses.

The exposed details include customer names, email addresses, phone numbers, physical addresses, support case records, and some sales-related data. LastPass stressed that its own infrastructure wasn’t breached and that password vaults, encrypted credentials, and core services remained untouched.

Separately, Klue said the attackers accessed the system using a compromised legacy credential associated with an integration tool. Once inside, threat actors were able to steal customer OAuth tokens and use those tokens to extract data from connected cloud platforms. Since then, the company has revoked affected credentials, disabled several integrations, and removed the malicious access from its systems.

Salesforce’s security team also had to step in after seeing suspicious activity and disabled Klue’s app connection. The CRM giant said the problem was with the third-party app and not due to a vulnerability in Salesforce itself.
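The pattern described above (a token issued to a legitimate connected app suddenly used from a new source to pull far more data than usual) is exactly what an audit-log detector should catch. The following is an added example, not code from the article, from Klue, or from Salesforce: the event records, field names and thresholds are all constructed assumptions rather than any vendor's real log schema. It aggregates per-app token use by day, flags a day where volume jumps well above the app's own baseline and the calls arrive from an IP never seen for that app before, and then lists the tokens that would have to be revoked.

```python
"""Flag anomalous OAuth-token use by a third-party connected app.

Added example: the events below are constructed, not real Salesforce or Gong
audit data, and the field layout is an assumption, not any vendor's schema.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed records: (timestamp, connected app, token id, source IP, records returned).
SAMPLE_EVENTS = [
    ("2025-06-05T09:02:00Z", "klue-connector", "tok-a1", "203.0.113.10", 45),
    ("2025-06-06T09:05:00Z", "klue-connector", "tok-a1", "203.0.113.10", 52),
    ("2025-06-09T09:01:00Z", "klue-connector", "tok-a1", "203.0.113.10", 48),
    ("2025-06-10T09:03:00Z", "klue-connector", "tok-a1", "203.0.113.11", 50),
    ("2025-06-11T09:00:00Z", "klue-connector", "tok-a1", "203.0.113.10", 47),
    # Constructed compromise day: same token, unfamiliar source, bulk pull.
    ("2025-06-12T02:14:00Z", "klue-connector", "tok-a1", "198.51.100.7", 18000),
    ("2025-06-12T02:20:00Z", "klue-connector", "tok-a1", "198.51.100.7", 22000),
    # An unrelated app behaving normally; too little history to judge anyway.
    ("2025-06-12T10:00:00Z", "billing-sync", "tok-b9", "192.0.2.5", 120),
]


def _day(ts):
    """Parse an ISO-8601 UTC timestamp and return its calendar date."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).date()


def daily_usage(events):
    """Aggregate per (app, day): records returned, source IPs seen, tokens used."""
    usage = defaultdict(lambda: {"rows": 0, "ips": set(), "tokens": set()})
    for ts, app, token, ip, rows in events:
        u = usage[(app, _day(ts))]
        u["rows"] += rows
        u["ips"].add(ip)
        u["tokens"].add(token)
    return usage


def detect_token_abuse(events, volume_factor=5.0, min_baseline_days=3):
    """Return one finding per (app, day) where the app pulled more than
    volume_factor times its prior daily average AND did so from at least one
    source IP never seen for that app before. Requiring both conditions keeps
    a legitimate but busy day, or a routine IP change, from firing on its own."""
    by_app = defaultdict(list)
    for (app, day), u in daily_usage(events).items():
        by_app[app].append((day, u))
    findings = []
    for app, days in by_app.items():
        days.sort(key=lambda d: d[0])
        for i, (day, u) in enumerate(days):
            prior = days[:i]
            if len(prior) < min_baseline_days:
                continue  # not enough history to call anything anomalous
            avg = sum(p["rows"] for _, p in prior) / len(prior)
            known_ips = set().union(*(p["ips"] for _, p in prior))
            new_ips = u["ips"] - known_ips
            if u["rows"] > volume_factor * avg and new_ips:
                findings.append({
                    "app": app,
                    "day": day.isoformat(),
                    "rows": u["rows"],
                    "baseline_avg": round(avg, 1),
                    "new_ips": sorted(new_ips),
                    "tokens": sorted(u["tokens"]),
                })
    return findings


def revocation_list(findings):
    """Tokens to revoke: every token a flagged app used on a flagged day.
    Rotating the app's client secret alone does not invalidate access tokens
    an attacker already holds; the tokens themselves must be revoked."""
    return sorted({t for f in findings for t in f["tokens"]})


if __name__ == "__main__":
    found = detect_token_abuse(SAMPLE_EVENTS)
    for f in found:
        print(f)
    print("revoke:", revocation_list(found))
```

Run against the constructed events, the detector flags only the klue-connector on the compromise day (40,000 records against a baseline of about 48 per day, from a new IP) and leaves the earlier IP change on 06-10 alone because volume stayed normal. In a real environment the same two signals come from the platform's API-usage or login-history audit data, and the revocation step is done in the identity provider or the platform's connected-app settings, which is the kind of cut-off Salesforce applied by disabling the app connection.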

For LastPass users, the company says no action is required to protect stored passwords because vault data was not involved. Affected customers should still be more vigilant: names, contact details and the contents of support cases are enough for attackers to craft convincing phishing messages and social engineering calls that reference real interactions, so any unsolicited “support” contact about an existing ticket deserves verification through official channels rather than the links or numbers it supplies.
