LastPass Reports Data Breach via Third-Party AI Firm
5 reported
A WIRED report this week details a data breach affecting LastPass customers, resulting from an attack on the AI business intelligence firm Klue. Attackers compromised access tokens for Klue customers, including LastPass, and used them to grab data from Salesforce and other integrated platforms. The stolen information includes names, phone numbers, email addresses, physical addresses, support case data, and sales-related data. LastPass emphasized that the situation was not a breach of its own infrastructure and did not affect password vaults. The company recommended that customers remain vigilant against potential phishing attacks or social engineering attempts that could leverage the exposed contact details. This incident adds to a string of significant data breaches the password manager has experienced over the years.
What’s reported
The breach was the result of an attack on the AI business intelligence firm Klue.
Attackers compromised access tokens for Klue customers, including LastPass.
Stolen data includes names, phone numbers, email addresses, physical addresses, support case data, and sales-related data.
LastPass stated the breach did not affect its own infrastructure or password vaults.
LastPass advised customers to watch for phishing or social engineering attempts using the exposed contact details.
Key figures
LastPass (company)
Klue (AI business intelligence firm)
Sources: Wired
