Password supervisor maker LastPass is notifying prospects that their private data and buyer help case information have been stolen throughout a latest hack at certainly one of its expertise companions, marking the corporate’s newest knowledge breach in recent times.
In an e-mail shared with TechCrunch from an affected buyer, LastPass stated the breach occurred at market analysis agency Klue, and never its personal programs. Nevertheless, hackers abused their entry to acquire reams of information about LastPass prospects.
LastPass is the newest in a rising listing of cybersecurity firms which have reported knowledge thefts on account of the breach at Klue, which the corporate disclosed final week. A number of different affected companies include HackerOne, Recorded Future, and Tanium.
In a blog post that shared details about the incident, LastPass stated the hackers took prospects’ names, cellphone numbers, e-mail addresses, bodily addresses, in addition to buyer help case knowledge and sales-related knowledge.
LastPass stated the corporate’s personal infrastructure was unaffected, together with prospects’ password vaults.
It’s not but identified what was within the contents of buyer help tickets, though they seemingly comprise fragments of probably personal or delicate data. Prospects sometimes contact customer support when they’re having a billing concern or want help in getting access to their accounts. Previous incidents involving buyer help tickets have included credentials and government-issued identity documents.
Spokespeople for LastPass didn’t instantly reply to TechCrunch’s request for remark, or questions in regards to the incident, together with what number of prospects are affected by the incident.
LastPass has greater than 33 million customers and round 1.6 million paying prospects as of 2024, in accordance with its web site.
LastPass previously experienced a data breach in 2022, through which hackers stole the corporate’s total retailer of buyer password vaults, that are used to retailer their delicate credentials, similar to passwords, tokens, and different private and bank card numbers.
Whereas the vaults have been encrypted with grasp passwords solely identified to the shopper, the breach allowed hackers to brute-force and crack the vaults offline with the weakest grasp passwords, and subsequently entry the secrets and techniques inside. A number of crypto thefts have been later linked to the LastPass breach, after hackers have been suspected of stealing the sufferer’s pockets keys by cracking their password vault.
Klue CEO Jason Smith stated in a weblog publish that the company identified hackers in its programs on June 12. A hacking and extortion group referred to as Icarus took credit score for the breach, and have publicly threatened to launch the stolen knowledge if a ransom isn’t paid.
Smith has not responded to TechCrunch’s emails in regards to the incident, together with what number of prospects are affected or if the corporate has been in touch with the hackers.
Once you buy by hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.

