Flash News

LastPass Third-Party Klue Incident Leads to Salesforce Customer Data Breach

LastPass announced a security incident involving third-party market intelligence platform Klue, where hackers stole multiple OAuth tokens held by Klue, including those for LastPass.

The attackers used these tokens to access LastPass's Salesforce CRM system, potentially leading to the exposure of some customers' names, phone numbers, email addresses, home addresses, and support case business contact information. LastPass products, services, infrastructure, and customer password vaults were not affected, and Gong system data was also not accessed.

LastPass immediately revoked employee access to Klue, rotated the exposed API tokens, and is cooperating with Klue, Salesforce, and law enforcement on the investigation, while sharing threat intelligence through its TIME team. Users are advised to be vigilant against phishing attempts that use the leaked information, and to remember that LastPass will never ask for the master password.

Source: Public Information

ABAB AI Insight

LastPass has faced criticism repeatedly for supply-chain and credential-leakage incidents. Although it strengthened its security measures after the major password-vault breach in 2022, this incident again highlights the persistent risk of depending on a third party: Klue's negligent handling of OAuth tokens led directly to the exposure of LastPass's CRM data.

Klue, an AI market-intelligence platform, had its OAuth integration exploited by attackers using legacy credentials, which allowed them to steal tokens and move laterally into multiple companies' Salesforce environments, indirectly exposing the customer contact data of security vendors such as LastPass. This reflects a trend in which companies rush to adopt third-party intelligence tools without strictly auditing the permissions granted to those integrations.

Several security companies, including Huntress and Tanium, were also affected by the Klue incident, and earlier cases of Salesforce OAuth abuse have already led to data breaches at multiple companies. LastPass is still in the process of rebuilding its security reputation and strengthening its third-party risk management.

Fundamentally, this is a supply-chain vulnerability accelerated by regulatory change and technological substitution: passwordless integrations such as OAuth add convenience while lowering the bar for attackers, pushing corporate investment toward stricter zero-trust architectures and in-house intelligence tools, and thereby redrawing the security boundary around third-party dependencies.

ABAB News · Cognitive Law

The more convenient third-party integrations are, the larger the attack surface for supply chain attacks.

Source: ABAB News