Source linked

LastPass Breach Via Klue Exposes CRM Data, IPs Given Out

9to5mac.com@bold_wolf4 hours ago·Cybersecurity·3 comments

Hackers accessed customer names, emails, addresses, and support case data through LastPass's third-party market research partner Klue. LastPass shared attacker IPs and domains for threat hunting.

lastpasskluesalesforcegongdata breachsupply chain attack

LastPass suffered its third major data breach in a decade, this time through a market research partner's Salesforce integration. Customer names, phone numbers, email addresses, physical addresses, and support case data are now in attackers' hands.

What leaked and what didn't The breach happened at Klue, a competitive intelligence platform that LastPass used for CRM and sales data. Klue integrates with Salesforce and Gong. Hackers accessed “standard business contact information” plus support case and sales-related records, according to LastPass's blog post. Encrypted password vaults were not affected, but the exposed phone numbers and addresses make social engineering attacks much easier. LastPass says it revoked employee access to Klue, rotated exposed API tokens, notified law enforcement, and launched a joint investigation with Klue and Salesforce.

Attacker indicators you can use now LastPass published four IP addresses associated with the attackers: 138.226.246 94, 94.154.32 160, 159.183.215 61, and 159.183.181 239. It also shared three email sender domains: baccarat.com au, robinskitchen.com au, and house.com au. If you run a security operations center, feed these into your SIEM and email gateways. These are concrete IOCs from a confirmed incident.

The pattern: third-party risk keeps biting LastPass In 2015, hackers grabbed account email addresses, password reminders, and hashed authentication data. In 2022, a developer account compromise led to cloud backups containing encrypted vaults plus unencrypted names and billing addresses. Now a partner's API integration leaks CRM data. Each time, LastPass swears the vaults themselves remain safe, but the blast radius of exposed metadata grows more detailed with every breach. Klue is the new vector, but the root cause is the same: LastPass's dependency on third-party platforms without isolating sensitive customer data. Until that changes, users should expect more notifications like this one.

Source: LastPass notifies users of yet another data breach
Domain: 9to5mac.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
Bluekit Phishing Kit Now Streams Login Pages in Real Time via Browser-in-the-Middle

Bluekit's upgrade uses the legitimate rrweb library to stream live browser sessions, letting attackers grab valid session tokens while victims log into real sites.

TRM Labs Traces $3.84 Billion in CoinEx-Iran Flows; Exchange Denies

Blockchain analytics firm TRM Labs says CoinEx handled $2.7 billion with sanctioned Iranian exchange Nobitex alone. CoinEx disputes the findings, calling them unreliable.

Cellebrite's UFED cracked an activist's iPhone 12 months after it claimed to have cut Russia off

Citizen Lab confirmed Russian authorities used Cellebrite's UFED on Andrey Pivovarov's iPhone 12 in June 2021, three months after the company said it had terminated all sales and services to Russia.

AISLE Unearths 6 Curl CVEs, Including the Oldest Bug Since 2001

AISLE's autonomous vulnerability detection found 6 of the 18 CVEs in curl 8.21.0, one dating back 25 years to version 7.7.

Comments load interactively on the live page.