Security0 views

LastPass Customer Data Leaked Following Third-Party Service Breach

LastPass has confirmed a security incident involving a leak of customer data linked to their third-party platform provider, Klue. While user vaults remain secure and unaffected, the breach exposed sensitive personal details that could facilitate targeted phishing and social engineering attacks.

The stolen data includes:

  • Full names and telephone numbers
  • Email addresses
  • Physical addresses

Attackers gained access by stealing OAuth tokens managed by Klue. LastPass has since rotated these tokens to prevent further unauthorized access, but users should remain vigilant against suspicious communications claiming to be from the service.