LastPass confirms data breach after hacker compromises supply chain — here's what we know
- LastPass confirmed a supply chain breach via Klue, where stolen OAuth tokens let attackers access its Salesforce environment
- Customer names, contact details, and CRM data were exposed, but master passwords were not; phishing risk remains high
- Threat actor Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity also impacted
Password manager LastPass confirmed that it lost sensitive customer data in a supply chain attack that struck a third party.
As LastPass explained in a newly released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with LastPass’ Salesforce and Gong systems. After obtaining OAuth tokens, the attackers were able to access LastPass’ Salesforce environment and exfiltrate sensitive data stored there.
“On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates...
Copyright of this story solely belongs to techradar.com.