LastPass reveals hackers accessed customer support case data via Klue breach, raising fresh concerns over password‑manager securityExecutive summary: LastPass reported that hackers stole customer support case data during a breach of its partner Klue. The exposed support data could be used for targeted phishing or social‑engineering attacks, underscoring the vulnerability of password managers to third‑party supply‑chain failures and raising potential regulatory scrutiny. LastPass (and its parent GoTo), its partner Klue, affected customers, and data‑protection regulators such as EU DPAs. LastPass will likely issue breach notifications to affected users, enhance monitoring and incident response, while Klue investigates its systems; regulators may open inquiries into data‑protection compliance.LastPass disclosed that threat actors obtained customer support case information during a security incident at its technology partner Klue. This marks the second notable data‑related event affecting the password manager in recent years, following a prior breach of a tech partner. The leak of support data could enable phishing or social‑engineering attacks against users and highlights ongoing supply‑chain risks for credential‑management services.Connected developmentsWhy Europe is rebuilding its tech stackOpen the full case file on Beyond →
Social Pulse
AI estimate · not scraped