LastPass Confirms Data Leak via Third-Party Vendor Klue
LastPass confirmed a data leak on June 23, 2026, which was widely reported on June 26, 2026. The incident occurred through a compromised third-party platform, Klue, a market analysis tool integrated with LastPass's customer management system (Salesforce). Attackers gained access to customer information including names, phone numbers, email, and postal addresses, as well as support and sales data. LastPass stated that encrypted password vaults and master passwords were not affected.
Signal context
First seen: Jun 26, 2026
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Supply chain attack via third-party vendor Klue.
- Exposed customer contact information (names, phone numbers, email, postal addresses).
- Support and sales data also compromised.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: 🇧🇪 Belgium, 🇩🇪 Germany
inferred from source domains
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: supplier or third-party involvement
Impact area: Confidentiality
Likely asset: User or customer data
- 28 signals in the same sector
- 94 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
LastPass confirms data breach in Klue supply chain attack - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/Public source from bleepingcomputer.com.
BeyondTrust, LastPass Impacted by Klue-Salesforce Incidenthttps://www.securityweek.com/beyondtrust-lastpass-impacted-by-klue-salesforce-incident/Public source from securityweek.com.
LastPass confirms data breach after hacker compromises supply chain — here's what we knowhttps://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-knowPublic source from techradar.com.
LastPass says hackers stole customer data through a supply chain breach at Kluehttps://thenextweb.com/news/lastpass-klue-supply-chain-breach-customer-data-stolenPublic source from thenextweb.com.
LastPass user data stolen by hackers againhttps://appleinsider.com/articles/26/06/23/lastpass-user-data-stolen-by-hackers-againPublic source from appleinsider.com.
LastPass hit by new data breach - 4 steps you should take now | ZDNEThttps://www.zdnet.com/article/lastpass-new-data-breach-2026-steps-to-take-now/Public source from zdnet.com.
Scope of Salesforce Attacks Expands as Icarus Leaks Data - Cyber Recapshttps://cyberrecaps.com/news/cybersecurity-news-june-24-2026/Public source from cyberrecaps.com.
LastPass meldt datalek via populaire Klue-integratie met Salesforce - Tweakershttps://tweakers.net/nieuws/249376/lastpass-meldt-datalek-via-populaire-klue-integratie-met-salesforce.htmlPublic source from tweakers.net.
LastPass bevestigt datalek na aanval op softwarepartner Klue - TechPulsehttps://techpulse.be/nieuws/501300/lastpass-bevestigt-datalek-na-aanval-op-softwarepartner-klue/Public source from techpulse.be.
LastPass Datenleck Juni 2026: Kundendaten über Klue abgeflossen - Datenputzer.dehttps://datenputzer.de/blog/lastpass-datenleck-klue-juni-2026Public source from datenputzer.de.
Related signals
Grouped by why the signal is relevant.
Charter Communications (Spectrum) Data Breach by ShinyHunters
Charter Communications confirmed a data breach affecting Spectrum customers after the ShinyHunters group threatened to leak stolen data. The breach, which occurred around April 1, 2026, involved a vishing attack that compromised an employee's Microsoft Entra account, granting access to Salesforce data. Initially, Charter stated no sensitive personal information or CPNI was exfiltrated, but later breach monitoring indicated the exposed dataset affected approximately 4.9 million accounts, with some researchers reporting up to 13 million individuals and nearly 10 million customer-support records. Exposed data included names, email addresses, phone numbers, physical addresses, job titles, and customer support ticket information. Multiple federal lawsuits have since been filed against Charter for failing to protect customer data.
Dutch civil servants from Authority for Consumers and Markets (ACM) affected by Microsoft data leak
Names of civil servants from the Authority for Consumers and Markets (ACM), involved in implementing the Digital Services Act (DSA), were reportedly shared by Microsoft with the U.S. House of Representatives without redaction.
Ukrposhta Hit by Cyberattack, Mobile App and IT Systems Disrupted
Ukraine's state-owned postal operator, Ukrposhta, reported temporary disruptions to its mobile application and IT systems following an overnight 'hostile cyberattack' on June 25, 2026. The incident was widely reported on June 26, 2026. A pro-Russian activist group, 'IT army of Russia,' claimed responsibility for the attack, alleging they had breached Ukrposhta's infrastructure weeks earlier and exfiltrated a database containing user information and other internal data.
AgelessRx Data Breach Exposes Patient Health Information
AgelessRx, a telehealth platform specializing in longevity and anti-aging treatments, disclosed a data breach. An unauthorized actor gained access to certain help-desk tickets within the company's system between April 17 and April 22, 2026. The breach exposed sensitive patient health information, including names, dates of birth, health diagnoses or conditions, medications, and prescription details. The incident was reported to attorneys general on June 24, 2026, and notification letters to affected individuals began on June 23, 2026.
HackerOne Affected by Klue Supply Chain Attack
Cybersecurity firm HackerOne was among the organizations impacted by the Klue supply chain attack, which involved unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Sprout Social Data Compromised in Klue Supply Chain Attack
Sprout Social, a social media management platform, was among the companies affected by the Klue supply chain attack. The incident led to unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.