LastPass hit by new data breach - 4 steps you should take now

LastPass experienced a data breach through a third-party supplier, exposing customer names, phone numbers, and other information. This breach raises concerns about the security of sensitive user data. Users should take immediate steps to protect their accounts and personal information.

HotMarketHigh-signal source

Signal trust

High-signal sourceSingle sourceEarly signal

PublishedWednesday, June 24, 2026 at 4:21 PMJun 24, 04:21 PM

Freshness8h live

Story ID#4537

Back to feed Original report

Original article excerpt

Server-side extracted preview paragraphs from the original source.

A third-party supplier breach has exposed LastPass customer names, phone numbers, and other data. Here's how to protect yourself.

Do you use LastPass as your password manager? If so, I got some bad news. Yes, another data breach, though this one occurred at one of the company's third-party suppliers.

In a Tuesday blog post, LastPass revealed that a breach at a third-party supplier named Klue compromised certain contact and CRM (customer relationship management) data. The stolen information includes customer names, phone numbers, email addresses, and physical addresses, as well as support case and sales-related details. The only saving grace so far is that no master passwords or password vaults were compromised in the breach.

Also: Can you trust LastPass in 2026? Inside the multimillion-dollar quest to rebuild its security culture

As the blog post explains, Klue is a third-party market research platform used by LastPass to integrate with its Salesforce and Gong systems, allowing it to work with customer data and conduct market research. The hackers were able to snag the OAuth security tokens used by Klue to connect to customer data across these different systems. They then exploited these tokens to steal the LastPass user data stored in Salesforce.

In response to the breach, LastPass explained that it cut off all employee access to Klue, refreshed the exposed tokens, kicked off an investigation in conjunction with Klue and Salesforce, and began working with law enforcement.

The company also announced that it's sharing information with the broader cybersecurity community to help disrupt this latest campaign. Of course, LastPass promised to set up better protections to prevent this type of breach in the future.

Opening the briefing

LastPass hit by new data breach - 4 steps you should take now

Original article excerpt