Klue security incident resulted in partial customer CRM data leakage for LastPass

LastPass announced that a security incident occurred on third-party platform Klue, where hackers used stolen OAuth tokens to access LastPass's Salesforce CRM system, resulting in data breaches such as customer names, phone numbers, email addresses, home addresses, and support cases. LastPass confirms that its products, services, infrastructure, and customer password repositories have not been affected, and Gong system data has not been accessed. LastPass has suspended employee access to Klue and rotated API tokens, while working with Klue, Salesforce, and law enforcement to investigate.