LastPass confirms supply chain breach via Klue

LastPass confirmed a supply chain breach where attackers stole OAuth tokens from third-party platform Klue to access its Salesforce environment. Customer names, contact details, and CRM data were exposed, but master passwords were not. Threat actor Icarus claimed responsibility, and other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity were also impacted.