LastPass says customer contact details and support records were accessed after hackers breached one of its technology partners. Here’s what happened, what information was stolen, and how you can reduce your risk.
Table of Contents
What Happened?
According to LastPass, hackers gained access to customer information through a security incident involving Klue — a third-party market intelligence platform used by LastPass. The company said it learned about the incident on June 12 and launched an investigation immediately.
LastPass said the attackers obtained OAuth tokens (special login credentials that allow software systems to connect securely) stored by Klue. The hackers then used those credentials to access customer data inside LastPass’s Salesforce system.
The company said the incident was limited to systems connected to Klue. LastPass stated that its products, infrastructure, and customer password vaults were not affected.
Who Was Affected and What Data Was Leaked?
LastPass has not publicly shared how many customers were affected.
According to the company, the information accessed included:
- Customer names
- Email addresses
- Phone numbers
- Physical addresses
- Customer support case information
- Sales and customer relationship management (CRM) data
The company said there is no evidence that customer vault data was accessed.
Even information such as names, phone numbers, email addresses, and support records can be valuable to criminals. It can be used to make phishing emails, phone calls, or impersonation attempts look more convincing.
Data breaches can continue causing problems long after the original incident disappears from headlines. Many people focus on major breaches in the news but may not realize their information was also involved in older incidents.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
Futureproof monitors your data for leaks 24/7 and helps you reduce scam risks with simple, clear steps.
Futureproof monitors your information for data leaks 24/7 and guides you with clear steps to keep it safer from scams.
Run a free checkHow Did the Attack Happen?
LastPass said the incident started at Klue, a third-party supplier that connects with other business systems. Hackers obtained OAuth tokens, which are digital credentials used to authorize access between software platforms.
The attackers then used those credentials to access customer information stored in LastPass’s Salesforce environment. LastPass said it rotated the affected tokens and removed employee access to Klue after discovering the incident.

At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
