LastPass has confirmed that hackers accessed customer data after stealing OAuth tokens during a cyberattack on Klue, a third-party market intelligence platform used by the company.
The incident was discovered on June 12 after LastPass learned that attackers had obtained OAuth tokens stored by Klue. The stolen credentials were then used to access customer information in LastPass's Salesforce environment.
LastPass said its products, services, infrastructure, and customer password vaults were not affected. The company also found no evidence that customer calls or emails stored in Gong were accessed.
The exposed data may include customer names, phone numbers, email addresses, physical addresses, support case details, and sales-related information.
The attack has been linked to the Icarus extortion group, which claimed responsibility for breaching Klue and stealing OAuth tokens connected to customers' Salesforce environments. Several organizations were affected, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity.
LastPass has disabled employee access to Klue, rotated exposed tokens, notified law enforcement, and continues to investigate the incident.