LastPass customer data exposed in third-party breach at Klue

The compromised data includes names, phone numbers, email addresses, physical addresses, and details from customer support tickets. LastPass confirmed that its internal systems and encrypted password vaults were not accessed during the incident, which was traced back to Klue’s systems. The market research firm disclosed the breach last week, noting that attackers gained access to its environment on June 12.

Other cybersecurity firms, including HackerOne, Recorded Future, and Tanium, have also reported data thefts stemming from the Klue incident. The hacking group Icarus has claimed responsibility and is threatening to leak the stolen information if a ransom is not paid. While LastPass, which serves over 33 million users, has not disclosed the number of affected customers, the nature of the compromised support data raises concerns, as such records often contain sensitive billing details or identity documentation.

This event follows a major 2022 security failure at LastPass, where attackers stole the company’s entire repository of customer password vaults. That earlier breach led to successful brute-force attacks against accounts with weak master passwords, resulting in subsequent cryptocurrency thefts. Klue CEO Jason Smith has yet to provide details on the total number of victims or the company's response to the extortion demands.