LastPass supply chain breach exposed customer names and contact data via Salesforce
Password manager LastPass confirmed a supply chain attack in which hackers compromised third-party platform Klue, stealing OAuth tokens to access LastPass's Salesforce environment. Customer names, contact details and CRM data were exfiltrated, though master passwords were not exposed. The threat actor group Icarus claimed responsibility; other companies including Recorded Future, Tanium, Jamf and Sprout Social were also affected.
LastPass confirmed a supply chain breach via Klue, where stolen OAuth tokens let attackers access its Salesforce environmentCustomer names, contact details, and CRM data were exposed, but master passwords were not; phishing risk remains highThreat actor Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity also impactedPassword manager LastPass confirmed that it lost sensitive customer data in a supply chain attack that struck a third party.As LastPass explained in a newly released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with its Salesforce and Gong systems. After obtaining its OAuth tokens, the attackers were able to access LastPass’ Salesforce environment and exfiltrate sensitive data stored there. “On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates with our Salesforce and Gong systems,” LastPass said.Compromising names and emails"We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.”“The threat actor then used these credentials to access LastPass customer data within our Salesforce environment.”Further in the report, the password manager said the attackers most likely accessed customer names, phone numbers, email addresses, postal addresses, support case information, and sales/CRM-related data. Passwords, including the master password, were most likely not exposed. However, criminals can use the data they obtained to launch phishing attacks, through which they might trick the victims into sharing those secrets, as well. LastPass is now urging customers to remain vigilant and be careful with incoming messages, particularly those claiming to come from the company. According to BleepingComputer, the Klue supply chain attack was claimed by a threat actor called Icarus, which apparently used compromised legacy credentials for an integration service to breach the intelligence platform. Besides LastPass, a number of other organizations are affected as well, the publication further reported, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. LastPass has now disabled employee access to Klue.Via BleepingComputer
The SEC has gone three consecutive seasons without a college football national championship, an unusually long drought for the dominant conference. Georgia and several other SEC programs are considered the leading contenders to restore the conference's grip on the title. Analysis examines which teams have the best shot at the championship in the upcoming season.
China's Ministry of Commerce launched a rewards system on Wednesday for citizens who report illegal exports of strategic minerals. Reports can include companies that allow inspections by foreign entities without Beijing's approval. The move is seen as a new weapon in China's ongoing trade war with Western nations, particularly the United States.
The final pre-draft big board for the 2026 NHL Draft has been published ahead of Friday's first round. McKenna and Stenberg headline the updated rankings. The list gives fans a guide to which prospects are expected to be called earliest on draft day.
Experts surveyed in the National Bank of Poland's June macroeconomic poll forecast average annual CPI inflation of 3.0% and GDP growth of 3.5% for 2026. In subsequent years, both inflation and economic growth are expected to gradually slow. The NBP published the survey results on Wednesday.
Ukrainian Defence Forces struck a gas refinery and helium plant in Orenburg, southern Russia, more than 1,200 km behind the front line, the Ukrainian General Staff confirmed on Wednesday. The Orenburg helium plant is the only facility of its kind in Russia, making the strike strategically significant. The attack represents one of Ukraine's deepest long-range strikes to date.
Rory Feldman, a young magic enthusiast, has been accused of deceiving, defrauding and stealing while attempting to build an extensive magic memorabilia collection. Feldman denies wrongdoing, claiming he has been the target of a relentless smear campaign by a powerful faction he calls the "magic mafia." The case has exposed deep internal conflicts within the insular world of magic collectors.
Jack Quaid has been cast to voice the character Gravitator in season 5 of Robert Kirkman's animated superhero series "Invincible." He joins returning stars Steven Yeun, Sandra Oh and J.K. Simmons. No premiere date for the new season has been announced yet.
Tashkent is introducing additional incentives for foreign companies, building on the strong growth in foreign direct investment Uzbekistan has seen since 2017. The new measures aim to further attract international businesses to the Central Asian economy. Specific details of the new regulations were not disclosed in the announcement.
U.S. Treasury Secretary Scott Bessent announced that the Treasury Department will oversee frozen Iranian funds when they are released. No timeline for the release or the total value of the funds was specified. Bessent's statement signals the administration's direct involvement in managing Iran-linked financial assets.
Sister Daira Rosales, director of the House of Divine Mercy in Panama, has explained the origins and spiritual significance of the veil worn by nuns. The veil is one of the most recognisable symbols of consecrated religious life, yet its deeper meaning is rarely understood by the general public. The tradition has roots in both biblical texts and historical cultural practices.
South Korea's largest chipmaker SK Hynix plans to raise approximately $29.65 billion through a Nasdaq listing, issuing 17.79 million new shares valued at 45.45 trillion won. The move would rank among the largest public offerings in the history of the semiconductor industry. SK Hynix is South Korea's biggest memory chip manufacturer.
President Trump announced that Iran has assured the United States there will be no tolls, insurance costs, or charges of any kind for ships passing through the Strait of Hormuz. The strait is one of the world's most critical shipping lanes, carrying a large share of global oil exports.
Piotr Szenk, the current head of surgery at Warsaw's Southern Hospital, strongly distanced himself from statements made by his predecessor, Dr. Jędrzejewski. Speaking to Onet, he said no staff member had observed the practices Jędrzejewski described, calling himself "surprised and outraged" by the claims.
Soccer fans gathered on the Lucerne waterfront in Switzerland to watch World Cup matches on jumbo screens, but the air felt tropical rather than Alpine. Switzerland is experiencing unusually high temperatures that stand in sharp contrast to the country's traditionally temperate climate.
Scientists have discovered that the condition of the thymus — a small organ located behind the breastbone — may reveal a great deal about overall health and potential lifespan. The organ had long been overlooked even by researchers. New findings suggest that tracking thymus health could have significant diagnostic value.
Andy Burnham, Mayor of Manchester, is widely regarded as the leading candidate to become the next UK Prime Minister. He is dubbed both the "King of the North" for his work in Manchester and "Captain Flip-Flop" by critics who point to shifts in his positions. A youthful photo of Burnham has recently gone viral online.
GKS Katowice officially confirmed on Wednesday the signing of goalkeeper Maciej Kikolski from Widzew Łódź. The deal is a one-year loan with an option for a permanent transfer. This is another summer reinforcement for the Katowice club's goalkeeping position.
France has identified its first case of Ebola. The patient is a doctor who had recently traveled to the Democratic Republic of Congo, the health ministry confirmed. Medical workers are urgently working to trace all individuals who may have come into contact with the infected person.
Social media personality "Ciocia Halinka," known for posting about seniors' everyday finances, shared a letter from her local Social Welfare Centre (MOPS) informing her of a rise in home care costs. The increase is a direct result of March's pension indexation — a higher pension automatically raises the senior's contribution to care costs. The exact new amount is not specified in the source.
Prof. Piotr M. Majewski, speaking to Interia, explains why Ukraine glorifies the Ukrainian Insurgent Army (UPA) — an organisation Poland holds responsible for the Volhynia massacres and regards as a genocide. According to the historian, Ukraine's stance stems from the need to build an independence narrative rather than ignorance of the crimes. The issue remains one of the primary sources of tension in Polish-Ukrainian relations.
Comments
Loading…
Swipe up
⚡
You're all caught up
You've seen all the latest stories. Check back later for more.
Comments
No comments yet — be the first to weigh in 👇
No comments yet. Be the first!