LastPass discloses data breach via Klue integration with Salesforce environment


LastPass has notified customers that it had fallen victim to a data breach via Klue, a third-party market analysis platform integrated with Salesforce.

On June 12th, LastPass was notified of a security incident at Klue. The password manager developer immediately launched an investigation and found that an unauthorized actor had obtained OAuth tokens that Klue held for its customers.

The attacker used these tokens to access LastPass customer data within the company’s Salesforce environment. To prevent recurrence, all employee access to Klue was discontinued, and the exposed Klue OAuth tokens have since been rotated. The relevant law enforcement authorities have been notified of the incident.
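Rotating the vendor's tokens closes the door, but a defender on the Salesforce side also wants to know whether the integration's OAuth grant was ever used from somewhere the vendor does not operate. The following hunt over login-history records is an added example, not code from LastPass, Klue or Salesforce. It assumes the integration shows up in a Salesforce LoginHistory export under the connected-app name "Klue" with LoginType "Remote Access 2.0" (Salesforce's label for OAuth logins), uses a placeholder egress range 203.0.113.0/24 for the vendor, and runs on constructed sample rows embedded in the script:

```python
"""Hunt for a third-party integration's OAuth grant being replayed from
outside the vendor's known egress IPs, using Salesforce LoginHistory-style
records. Added example; not code from LastPass, Klue or Salesforce.

Assumptions (not from the article): the integration appears under the
connected-app name "Klue" with LoginType "Remote Access 2.0"; the vendor's
legitimate egress range 203.0.113.0/24 is a placeholder (RFC 5737 space);
the CSV below is constructed sample data, not a real export.
"""
import csv
import io
import ipaddress
from collections import Counter

INTEGRATION_APP = "Klue"                                   # assumed app name
VENDOR_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]  # placeholder range

# Constructed sample in the shape of a LoginHistory export (header + rows)
SAMPLE_LOGIN_HISTORY = """UserId,LoginTime,LoginType,SourceIp,Status,Application
005A000000abc,2025-06-10T09:00:12Z,Remote Access 2.0,203.0.113.7,Success,Klue
005A000000abc,2025-06-11T09:00:15Z,Remote Access 2.0,203.0.113.7,Success,Klue
005A000000abc,2025-06-11T23:41:02Z,Remote Access 2.0,198.51.100.23,Success,Klue
005A000000abc,2025-06-11T23:42:50Z,Remote Access 2.0,198.51.100.23,Success,Klue
005A000000xyz,2025-06-11T08:10:00Z,Application,192.0.2.44,Success,Browser
005A000000abc,2025-06-12T00:05:19Z,Remote Access 2.0,198.51.100.23,Success,Klue
"""


def ip_in_allowlist(ip, networks):
    """True if the source IP falls inside any of the vendor's known ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def find_token_replay(csv_text, app_name=INTEGRATION_APP, allowlist=VENDOR_EGRESS):
    """Return (alerts, per_ip_counts).

    alerts: successful OAuth logins attributed to the integration's connected
            app whose source IP is outside the vendor's egress allowlist.
    per_ip_counts: how often the integration's grant was used from each IP,
            which makes a sudden new source stand out even if the allowlist
            is incomplete.
    """
    alerts = []
    per_ip = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Application"] != app_name or row["LoginType"] != "Remote Access 2.0":
            continue                      # not this integration's OAuth grant
        if row["Status"] != "Success":
            continue                      # failed attempts are noise here
        per_ip[row["SourceIp"]] += 1
        if not ip_in_allowlist(row["SourceIp"], allowlist):
            alerts.append({"user": row["UserId"],
                           "time": row["LoginTime"],
                           "ip": row["SourceIp"]})
    return alerts, per_ip


if __name__ == "__main__":
    found, counts = find_token_replay(SAMPLE_LOGIN_HISTORY)
    for a in found:
        print(f"ALERT {a['time']} user={a['user']} ip={a['ip']} outside vendor egress")
    print("uses per source IP:", dict(counts))
```

In a real tenant the rows would come from a LoginHistory export rather than the inline sample, and the allowlist from the vendor's published egress addresses; a hit means the grant was exercised by someone other than the vendor and that connected app's tokens should be revoked in the tenant, not just rotated at the vendor.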


“It is important to note that the scope of this incident is limited to only those systems that integrate with Klue’s application. LastPass products, services, and infrastructure were not impacted in any way, and customer vaults remain secure,” LastPass says in a blog post about the security incident.

According to LastPass, the information that may have been affected is limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, physical addresses, support case data, and sales-related data.

Affected customers are advised to remain vigilant against phishing and social engineering attempts that use the exposed contact and support-case details as a pretext.

In a blog post, Klue says that it discovered “unauthorized activity” in a portion of Klue’s integration infrastructure.

“Our investigation determined that an attacker gained access through a compromised legacy credential associated with an integration service. The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments.”


In a status update, Salesforce confirms that the connection between Klue and Salesforce has been disabled. The tech company emphasizes that this issue is limited to Klue’s app connection and does not arise from a vulnerability within the Salesforce platform.

In December 2025, LastPass was fined £1.2 million ($1.58 million) over the major data breach that occurred in 2022 and affected 1.6 million people.
