saas · BleepingComputer
LastPass confirmed a data breach affecting customer information stored in its Salesforce environment. The incident occurred after the Icarus extortion group compromised Klue, a third-party market intelligence platform that integrated with LastPass's Salesforce and Gong systems. Attackers obtained OAuth tokens held by Klue and used them to access LastPass customer data. Exposed information includes customer names, phone numbers, email addresses, physical addresses, support case information, and sales/CRM-related data. LastPass states that its products, services, infrastructure, and customer vaults were not directly affected, and no evidence of Gong-related data access was found.
For SaaS companies and defense contractors using third-party integrations, this incident highlights the importance of OAuth token lifecycle management and supply chain risk controls—key elements of SOC2 Type II audits and CMMC compliance frameworks. Organizations should evaluate whether their critical SaaS platforms (CRM, communication, analytics) have inventory and monitoring of all active OAuth tokens and whether third-party integrations are subject to security assessments before deployment. The exposure of customer contact information and support case data increases phishing and social engineering risk, particularly for regulated firms handling sensitive communications. An Omniware engagement can scope your current third-party integration inventory, token rotation policies, and incident response procedures.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
Source: BleepingComputer
All briefings