Security
LastPass confirms data breach via Klue supply chain attack affecting customer data
Tags Security · Enterprise
BleepingComputer·
LastPass announced hackers accessed customer data from its Salesforce environment after stealing OAuth tokens in a supply chain attack on Klue, a third-party knowledge management platform, earlier in June 2026.
Technical significance
This breach highlights the risk of OAuth token-based integrations in SaaS supply chains. Developers should audit third-party OAuth scopes and implement least-privilege access patterns for CRM integrations.