LastPass confirms data breach in Klue supply chain attack

Hackers stole OAuth tokens from Klue, a third-party platform, to access LastPass customer data in its Salesforce environment. LastPass products, services, and customer vaults were not affected. Exposed data may be used in phishing attacks. The Icarus extortion group claimed responsibility.