LastPass has issued a warning to its users regarding a data breach that occurred through one of its external partners, Klue. This incident has raised concerns about the security of personal data, although LastPass confirmed that password vaults remain unaffected.
Details of the Breach
According to a report by TechCrunch, LastPass is notifying users whose information may have been compromised due to unauthorized access to customer information and support case data at Klue. The data accessed includes standard business contact information such as customer names, phone numbers, email addresses, and physical addresses, along with support case and sales-related data.
Response from LastPass
Upon discovering the breach, LastPass took immediate action by revoking employee access to Klue, rotating the exposed API tokens, and notifying law enforcement. The company has also initiated a detailed investigation into the incident, collaborating with both Klue and Salesforce, as Klue’s platform integrates with these systems.
Potential Risks for Users
LastPass has advised its customers to remain vigilant against potential phishing attacks or social engineering attempts that may exploit the compromised information. The company has provided specific IP addresses and email sender domains associated with the attackers for users to monitor related activity in their systems:
IP Addresses: 138.226.246[.]94, 94.154.32[.]160, 159.183.215[.]61, 159.183.181[.]239
Email Sender Domains: baccarat.com[.]au, robinskitchen.com[.]au, house.com[.]au
Historical Context
This incident marks another chapter in a series of security challenges faced by LastPass. In 2015, hackers accessed account email addresses, password reminders, authentication hashes, and cryptographic salts, although LastPass stated that encrypted vault data was not compromised. More recently, in 2022, a developer account was compromised, leading to the theft of source code and technical information, which enabled access to cloud backups containing customer records and unencrypted details such as names, billing addresses, email addresses, and phone numbers.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
