- LastPass confirmed a supply chain breach via Klue where stolen OAuth tokens allowed attackers to access its Salesforce environment
- Customer names, contact information and CRM data were exposed, but master passwords were not; the phishing risk remains high
- A threat actor calling itself Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong and Insurity were also affected
Password manager LastPass confirmed it lost sensitive customer data in a supply chain attack that hit a third party.
As LastPass explained in a recently released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with its Salesforce and Gong systems. After obtaining its OAuth tokens, the attackers were able to access LastPass’s Salesforce environment and exfiltrate sensitive data stored there.
“On June 12, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform used by our go-to-market teams that integrates with our Salesforce and Gong systems,” LastPass said.
Compromising names and emails
“We immediately launched an investigation and found that as part of this incident, an unauthorized actor was able to obtain the OAuth tokens that Klue held for many of its customers, including LastPass.”
“The threat actor then used these credentials to access LastPass customer data in our Salesforce environment.”
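The mechanism described above is a vendor-held OAuth token being replayed against the customer's own Salesforce tenant, so the customer's first job is to find out which tokens were used, from where, and whether any are still alive. The script below is an added example, not code from LastPass, Klue or Salesforce: it triages records shaped like a Salesforce LoginHistory export (fields Application, SourceIp, LoginTime, Status, UserId) for a named connected app, flagging successful logins that came from outside the vendor's published IP ranges or that happened after the tokens were supposedly revoked, and lists the integration users whose tokens need revoking. The app label "Klue", the vendor CIDR, the revocation timestamp and every record in the sample are constructed assumptions for the example.

```python
"""Triage Salesforce LoginHistory-style records for a compromised integration.

Added example, not code from LastPass, Klue or Salesforce. Record shape follows
the Salesforce LoginHistory object; app label, CIDRs, IDs and times are assumed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample export (IPs are documentation ranges, IDs are made up).
# Record 2 is a token replay from an unknown IP; record 5 is a token that is
# still being used after the assumed revocation time.
SAMPLE_EXPORT = """[
 {"UserId": "005INTEG0001", "Application": "Klue", "SourceIp": "203.0.113.10",
  "LoginTime": "2025-06-01T08:02:11.000+0000", "Status": "Success"},
 {"UserId": "005INTEG0001", "Application": "Klue", "SourceIp": "198.51.100.77",
  "LoginTime": "2025-06-11T03:14:22.000+0000", "Status": "Success"},
 {"UserId": "005INTEG0002", "Application": "Klue", "SourceIp": "198.51.100.77",
  "LoginTime": "2025-06-11T03:15:40.000+0000", "Status": "Invalid Password"},
 {"UserId": "005SALES0003", "Application": "Salesforce for Outlook",
  "SourceIp": "198.51.100.77", "LoginTime": "2025-06-11T04:00:00.000+0000",
  "Status": "Success"},
 {"UserId": "005INTEG0002", "Application": "Klue", "SourceIp": "203.0.113.10",
  "LoginTime": "2025-06-14T09:00:00.000+0000", "Status": "Success"}
]"""

# Assumptions for the example: the connected app's label as Salesforce shows it,
# the IP range the vendor says its integration calls from, and the moment the
# customer revoked the vendor's tokens.
INTEGRATION_APP = "Klue"
VENDOR_CIDRS = ["203.0.113.0/24"]
REVOKED_AT = datetime(2025, 6, 13, 0, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Finding:
    user_id: str
    source_ip: str
    login_time: datetime
    reasons: tuple[str, ...]


def parse_export(text: str) -> list[dict]:
    """Load a JSON array of LoginHistory-like records."""
    return json.loads(text)


def parse_time(value: str) -> datetime:
    """Salesforce emits times like 2025-06-11T03:14:22.000+0000 (UTC offset, no colon)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def triage(records: list[dict], app_name: str, vendor_cidrs: list[str],
           revoked_at: datetime) -> list[Finding]:
    """Return one Finding per successful login by the integration that looks wrong.

    Only Status == "Success" counts: a failed login did not read any data.
    """
    nets = [ip_network(c) for c in vendor_cidrs]
    findings: list[Finding] = []
    for rec in records:
        if rec.get("Application") != app_name or rec.get("Status") != "Success":
            continue
        ip = ip_address(rec["SourceIp"])
        when = parse_time(rec["LoginTime"])
        reasons: list[str] = []
        if not any(ip in net for net in nets):
            reasons.append("source IP outside the vendor's published ranges")
        if when >= revoked_at:
            reasons.append("token still in use after revocation")
        if reasons:
            findings.append(Finding(rec["UserId"], str(ip), when, tuple(reasons)))
    return findings


def users_to_revoke(findings: list[Finding]) -> set[str]:
    """Integration users whose OAuth tokens must be revoked and re-issued."""
    return {f.user_id for f in findings}


def demo_triage() -> list[Finding]:
    """Run the triage over the constructed sample with the assumed parameters."""
    return triage(parse_export(SAMPLE_EXPORT), INTEGRATION_APP, VENDOR_CIDRS, REVOKED_AT)


if __name__ == "__main__":
    results = demo_triage()
    for f in results:
        print(f"{f.login_time.isoformat()} {f.user_id} {f.source_ip}: {'; '.join(f.reasons)}")
    print("revoke tokens for:", sorted(users_to_revoke(results)))
```

On a real tenant the records would come from a SOQL query against LoginHistory (or the OauthToken object for per-app token inventory) rather than an embedded string; the triage logic is the same. The second check matters as much as the first: a vendor telling you it has rotated its credentials does nothing about the token copies the attacker already holds, so "no successful logins by that app after the revocation timestamp" is the condition to verify.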
Further in the report, the password manager said the attackers most likely gained access to customer names, phone numbers, email addresses, postal addresses, support case information and sales/CRM-related data.
Passwords, including the master password, were most likely not exposed. However, criminals can use the contact and support-case data they have obtained to craft convincing phishing messages, through which they could trick victims into handing over those secrets.
LastPass is now urging customers to remain vigilant and be wary of incoming messages, especially those claiming to be from the company.
According to Bleeping Computer, the Klue supply chain attack was claimed by a threat actor called Icarus, who apparently used compromised legacy credentials for an integration service to breach the intelligence platform.
In addition to LastPass, a number of other organizations are also affected, the publication further reported, including Recorded Future, Tanium, Jamf, Sprout Social, Gong and Insurity. LastPass has now disabled employee access to Klue.
Via Bleeping Computer