Loading article…
LastPass breach via third‑party Klue leaked names, emails and phone numbers but not master passwords. Learn what was exposed and the next steps for users.
LastPass disclosed that a supply‑chain attack on its third‑party market‑research vendor Klue resulted in the theft of customer names, phone numbers, email and postal addresses, while master passwords and vault contents remained intact [3]. The breach raises immediate phishing risks for millions of users and forces the password‑manager to tighten its integrations.
| At a glance | |
|---|---|
| Company | LastPass |
| Breach source | Third‑party vendor Klue |
| Data exposed | Names, phone numbers, email & postal addresses, support case details |
| Passwords compromised | None (master passwords not exposed) |
The incident began when attackers obtained OAuth tokens that Klue used to connect its platform to LastPass’s Salesforce and Gong systems. With those tokens, the threat actors accessed the Salesforce environment and exfiltrated the contact‑level CRM data listed above [3]. LastPass cut employee access to Klue, refreshed the compromised tokens, and launched a joint investigation with Klue, Salesforce and law‑enforcement [1]. The ransomware group Icarus claimed responsibility and warned of further data publication if a ransom was not paid [1].
Although the breach did not expose any password vaults, the stolen personal details can be leveraged for targeted phishing or social‑engineering attacks, prompting LastPass to urge customers to stay vigilant for suspicious communications [1][3]. The episode adds to a series of security setbacks for the company, including 2022 incidents that compromised vault data and led to an $8.2 million settlement [2]. Competitors such as 1Password, NordPass and Bitwarden, which have not reported similar supply‑chain breaches, may benefit from heightened user concerns about LastPass’s security track record [1].
The breach underscores that even without direct access to password vaults, compromised ancillary data can erode trust in a core security product, leaving the market to watch how LastPass rebuilds its supply‑chain defenses and whether users migrate to alternatives.
Coverage is mostly measured — 146 of 157 reports stay neutral.
Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.
Free · 3-min read · one-click unsubscribe
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 3 outlets · Jun 24, 2026 · How we report
It acts as a 4K streaming device that pulls recommendations from various apps and functions as a Matter-compatible smart home hub.
The new Google Home Speaker uses Gemini, which is designed to be more conversational and context-aware than the previous Google Assistant.
No, the Google Home Speaker features a non-removable USB-C charging cable.
The device lacks physical buttons, so users control volume by tapping the lights located on the sides of the speaker.