LastPass has confirmed a security incident involving a leak of customer data linked to their third-party platform provider, Klue. While user vaults remain secure and unaffected, the breach exposed sensitive personal details that could facilitate targeted phishing and social engineering attacks.
The stolen data includes:
- Full names and telephone numbers
- Email addresses
- Physical addresses
Attackers gained access by stealing OAuth tokens managed by Klue. LastPass has since rotated these tokens to prevent further unauthorized access, but users should remain vigilant against suspicious communications claiming to be from the service.

