A popular password manager was hit by a hack. What you need to know—and how to keep your data safe

Password manager LastPass disclosed a security breach impacting its customers on June 12, stemming from a hack at third-party market intelligence platform Klue. An unauthorized actor obtained OAuth tokens Klue held for its customers, including LastPass, which were then used to access LastPass customer data within its Salesforce environment. Klue's platform integrates with Salesforce and Gong systems. The compromised OAuth tokens have since been rotated. LastPass confirmed that hackers stole sensitive customer data such as names, phone numbers, email addresses, physical addresses, and support and sales-related data from Klue. However, LastPass stated that its own products, services, and infrastructure were not impacted, and customer vaults remain secure. This incident follows a previous data breach at LastPass in 2022, where hackers stole encrypted passwords, leading to a $24.5 million payout to affected users. Several other cybersecurity companies, including Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium, were also affected by the Klue hack.