Tech

LastPass notifies users of yet another data breach

Published on

June 23, 2026

Via 9to5Mac - TechMarcus Mendes

LastPass

LastPass notifies users of yet another data breach

Marcus Mendes | Jun 23 2026 - 2:48 pm PT

0 Comments

LastPass users are once again being warned about stolen personal data, though this time the breach happened through one of the company’s outside partners. Here are the details.

LastPass says password vaults not affected

As reported by TechCrunch, LastPass is emailing users affected by a breach at market research firm Klue, which allowed hackers to access customer information and support case data.

The news came as LastPass shared more information on a blog post, where it explained:

The information accessed was limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data.

LastPass said that upon learning about the incident, the company revoked employee access to Klue, rotated the exposed API tokens, notified law enforcement, and launched “a detailed investigation into the scope of the event, working with our contacts at both Klue and Salesforce.”

The company explains that Klue’s platform integrates with Salesforce and Gong systems.

As a result, LastPass is recommending that customers “remain vigilant of potential phishing attacks or social engineering attempts” leveraging the compromised information. LastPass also shared the following IP addresses and email sender domains associated with the attackers, which companies can use to search for related activity in their systems:

IP Addresses:

138.226.246[.]94

94.154.32[.]160

159.183.215[.]61

159.183.181[.]239

Email Sender Domains:

baccarat.com[.]au

robinskitchen.com[.]au

house.com[.]au

This is the latest in a series of security incidents affecting LastPass. In 2015, hackers obtained account email addresses, password reminders, authentication hashes, and cryptographic salts, although LastPass said encrypted vault data was not accessed.

In 2022, an attacker compromised a developer account and stole source code and technical information. The attacker later used that information to access cloud backups containing customer records and encrypted password vaults, along with unencrypted details such as names, billing addresses, email addresses, and phone numbers⁠.

To learn more about the Klue breach and LastPass’s response, follow this link.

Worth checking out on Amazon

Add 9to5Mac as a preferred source on Google

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Comments

Author

Marcus Mendes https://www.threads.com/mvcmendes

Marcus Mendes is a Brazilian tech podcaster and journalist who has been closely following Apple since the mid-2000s.

He began covering Apple news in Brazilian media in 2012 and later broadened his focus to the wider tech industry, hosting a daily podcast for seven years.

Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It's possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Don't Miss

China’s Instagram Gets Ready to Go Public

Up Next

Anthropic Customer Sues US Over Losing Access to Fable AI Model