LastPass experiences another data breach; however, your password vault remains secure this time.

LastPass experiences another data breach; however, your password vault remains secure this time.

      The company has stated that hackers gained access to customer names, contact information, and support records through a third-party vendor, rather than through LastPass' internal systems.

      If you've ever sent a support ticket to LastPass, that conversation may now be with the hackers. As reported by TechCrunch, the password manager has acknowledged that a recent breach at one of its external partners exposed customer names, contact information, and support case records.

      What was obtained by the hackers, and what was not

      LastPass confirmed that its systems were not compromised and that users’ password vaults remain intact. Instead, the compromised data was accessed via Klue, a market research firm that collaborates with LastPass.

      While no passwords were taken, the hackers exploited their access to Klue’s network to retrieve customer information, including phone numbers, email addresses, physical addresses, and details from support tickets.

      In a blog post addressing the incident, the company emphasized that the breach did not impact encrypted password vaults, master passwords, or any credentials stored within LastPass itself. Nonetheless, the exposed data could still be valuable to attackers, who might use it for phishing or social engineering tactics.

      An outdated credential opened the gateway

      The LastPass breach is linked to a broader security incident at Klue, which revealed that attackers accessed the network using a credential associated with a pilot project from 2022. TechCrunch reports that this credential remained active, allowing entry into Klue’s systems.

      Klue has stated that attackers accessed customer data related to its services, affecting multiple organizations that relied on their platform. In addition to LastPass, Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Huntress, Sprout Social, and Tanium were also impacted.

      For LastPass, this represents the second occasion where its users' data has been involved in a breach. A previous breach in 2022 exposed encrypted password vaults linked to cryptocurrency theft. This recent exposure did not involve vault data or passwords, yet it underscores the potential impact of a security breach at a third-party vendor on customers who may not have had direct interaction with that vendor.

LastPass experiences another data breach; however, your password vault remains secure this time. LastPass experiences another data breach; however, your password vault remains secure this time. LastPass experiences another data breach; however, your password vault remains secure this time. LastPass experiences another data breach; however, your password vault remains secure this time. LastPass experiences another data breach; however, your password vault remains secure this time. LastPass experiences another data breach; however, your password vault remains secure this time.

Other articles

Apple suppliers rush to Hong Kong: $4 billion in just one week Apple suppliers rush to Hong Kong: $4 billion in just one week Apple suppliers Luxshare and Lingyi are competing to secure funding in Hong Kong, amassing billions to shift their focus from smartphone components to AI hardware and humanoid robots. At $684, the Pixel 10 Pro is the top phone deal I've come across this Prime Day, and it's challenging to discover a better value at the moment. At $684, the Pixel 10 Pro is the top phone deal I've come across this Prime Day, and it's challenging to discover a better value at the moment. The Pixel 10 Pro is now priced at only $684 for Prime Day, which is a significant $315 reduction, making it the lowest price for this flagship phone to date. During Prime Day, the price of the Sony WH-1000XM5 drops below $200, and I believe it’s well worth the investment. During Prime Day, the price of the Sony WH-1000XM5 drops below $200, and I believe it’s well worth the investment. The Sony WH-1000XM5 is now available at a historic low price of $198 during Prime Day, giving you over $200 in savings on one of the top noise-canceling headphones available. Main Capital €5.25bn: wagering against the AI hysteria. Main Capital €5.25bn: wagering against the AI hysteria. Main Capital secured €5.25 billion, marking the largest buyout fund in the Netherlands, with a loss rate of less than 0.5% and taking a contrarian stance that AI will enhance enterprise software. LastPass experiences another data breach, but your password vault is secure this time. LastPass experiences another data breach, but your password vault is secure this time. LastPass has stated that customer names, contact information, and support case records were compromised in a breach at Klue, although the company assures that password vaults are still secure. OpenAI's Jalapeño chip: an alternative to Nvidia OpenAI's Jalapeño chip: an alternative to Nvidia OpenAI has introduced Jalapeño, its inaugural AI chip developed in collaboration with Broadcom for inference purposes, as it seeks to reduce its significant dependence on Nvidia.

LastPass experiences another data breach; however, your password vault remains secure this time.

LastPass has verified that customer names, contact information, and support case records were compromised in a breach at Klue, although the company asserts that password vaults are still secure.