
LastPass confirms data breach in Klue supply chain attack

BleepingComputer, 23/06/2026, 13:58

Summary

AI-Generated

Key Points:

  • LastPass confirmed a data breach resulting from the Klue supply chain attack, in which hackers accessed customer data via stolen OAuth tokens.
  • The incident primarily affected LastPass's Salesforce environment, but customer vaults remained secure. However, exposed data may be leveraged for phishing and social engineering attacks.
  • Users are advised to be cautious of unsolicited communications and to avoid sharing their master passwords. LastPass has taken steps to mitigate the impact by disabling access to Klue and rotating exposed tokens.

Technical Details: The breach involved the Icarus extortion group exploiting compromised legacy credentials to access Klue's infrastructure, which allowed them to steal OAuth tokens linked to various third-party services, including Salesforce.

MITRE ATT&CK Techniques:

  • T1078 - Valid Accounts (Defense Evasion)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)

IOCs Mentioned:

  • Sender domains: baccarat.com.au, robinskitchen.com.au, house.com.au
