LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
ID: f021c84f-703c-5773-a960-25fe14218386
STIX ID: report--f021c84f-703c-5773-a960-25fe14218386
Feed Name: HackRead
Threat Score
LastPass confirmed that the Klue supply-chain compromise allowed an unauthorized actor (identified as the Icarus extortion group) to harvest stolen OAuth tokens from Klue and use them to access and copy CRM data from LastPass's Salesforce environment; LastPass rotated tokens, cut employee access to Klue, published IOCs, and advised customers to review integrations and watch for phishing and social-engineering attempts.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
