Klue data breach exposes customer data through 2022 stale credential
TechCrunch

Intelligence platform Klue disclosed that hackers used a credential stolen in 2022 to breach a system holding keys for accessing customer data. The credential was never revoked after a limited pilot program. LastPass also confirmed that customer support case data was stolen in the same breach chain, marking the second recent breach affecting LastPass customers.
Technical significance
The four-year gap between credential theft and exploitation highlights a critical failure in credential lifecycle management. Organizations must implement automated credential rotation and revocation, especially for pilot programs that may not go through standard decommissioning.
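One way to catch a credential that outlives its pilot is to cross-check the credential inventory against project lifecycle state. The sketch below is an added example, not code from the article or from any vendor named in it; the inventory fields, project names, dates and the 90-day rotation policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

MAX_AGE = timedelta(days=90)  # assumed rotation policy, not from the article

@dataclass
class Credential:
    cred_id: str
    project: str             # project or pilot the credential was issued for
    issued: date
    expires: Optional[date]  # None means the credential never expires
    revoked: bool = False

def audit(creds, project_status, today, max_age=MAX_AGE):
    """Return {cred_id: [reasons]} for live credentials that need revocation or rotation."""
    findings = {}
    for c in creds:
        if c.revoked or (c.expires and c.expires <= today):
            continue  # already unusable, nothing to do
        reasons = []
        status = project_status.get(c.project)
        if status is None:
            reasons.append("owning project not in registry (orphaned)")
        elif status != "active":
            reasons.append(f"owning project is {status}")
        if c.expires is None:
            reasons.append("no expiry set")
        if today - c.issued > max_age:
            reasons.append(f"older than {max_age.days} days")
        if reasons:
            findings[c.cred_id] = reasons
    return findings

# Constructed sample data (hypothetical names and dates).
PROJECTS = {"billing-api": "active", "vendor-pilot": "ended"}
CREDS = [
    Credential("svc-billing", "billing-api", date(2026, 1, 10), date(2026, 4, 10)),
    Credential("pilot-token", "vendor-pilot", date(2022, 6, 1), None),
    Credential("old-revoked", "vendor-pilot", date(2022, 6, 1), None, revoked=True),
    Credential("ghost-key", "poc-sandbox", date(2025, 12, 1), date(2026, 6, 1)),
]

if __name__ == "__main__":
    for cred_id, reasons in audit(CREDS, PROJECTS, date(2026, 2, 1)).items():
        print(cred_id, "->", "; ".join(reasons))
```

Run on a schedule, a check like this turns "the pilot ended" into a revocation ticket even when the pilot never went through formal decommissioning.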