LastPass Customer Data Stolen in Klue Breach
Original: Password manager maker LastPass says hackers stole customer support case data during Klue breach
Why This Matters
Demonstrates ongoing cybersecurity supply chain vulnerabilities affecting major password managers and customer data exposure risks.
Password manager LastPass notified customers that personal information and support case records were stolen during a breach at technology partner Klue on June 12, 2026. The breach affected customer names, phone numbers, email addresses, and support tickets, though LastPass's infrastructure and password vaults remained unaffected.
LastPass disclosed that hackers accessed customer data through a compromise at market research firm Klue, which disclosed the breach last week. The stolen information includes customers' names, phone numbers, email addresses, physical addresses, customer support case data, and sales-related information. LastPass confirmed its own systems were unaffected and customer password vaults remained secure. The company has more than 33 million users and approximately 1.6 million paying customers as of 2024. Customer support tickets may contain fragments of sensitive information, though their full contents remain unknown. The hacking group Icarus claimed responsibility for the Klue breach and threatened to release stolen data unless a ransom is paid. Other cybersecurity firms affected by the Klue breach include HackerOne, Recorded Future, and Tanium. LastPass experienced a previous data breach in 2022 when hackers stole customer password vaults; despite encryption, some were later cracked using weak master passwords, leading to subsequent cryptocurrency thefts.