logo

LastPass Confirms Customer Data Breach After Klue OAuth Token Theft

ID: f021c84f-703c-5773-a960-25fe14218386

STIX ID: report--f021c84f-703c-5773-a960-25fe14218386

Feed Name: HackRead

Threat Score
75/100

Date Published: 2026-06-23

Date Updated: 2026-06-24

Author: Waqas

...
...

LastPass confirmed that the Klue supply-chain compromise allowed an unauthorized actor (identified as the Icarus extortion group) to harvest stolen OAuth tokens from Klue and use them to access and copy CRM data from LastPass's Salesforce environment; LastPass rotated tokens, cut employee access to Klue, published IOCs, and advised customers to review integrations and watch for phishing and social-engineering attempts.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.