Here we go again:

On June 12th LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams which integrates with our Salesforce and Gong systems. The incident had a broad impact across many companies including LastPass. We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass. The threat actor then used these credentials to access LastPass customer data within our Salesforce environment. Remediation has been completed, and the exposed Klue OAuth tokens have since been rotated.

The information accessed was limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data.

LastPass just can’t catch a break. Public sentiment for the company has taken a nosedive this past year.