LastPass, a password manager maker, has notified customers that their personal information and customer support case records were stolen during a recent hack at market research firm Klue. The breach occurred at Klue, but hackers used their access to obtain data about LastPass customers, including names, phone numbers, email addresses, and physical addresses.
The incident is the latest in a series of data breaches affecting cybersecurity companies, with other affected companies including HackerOne, Recorded Future, and Tanium. LastPass stated that its own infrastructure, including customers' password vaults, was unaffected.
The company has experienced a previous data breach in 2022, in which hackers stole customer password vaults, leading to several crypto thefts. The current breach has been claimed by a hacking and extortion group called Icarus, which has threatened to release the stolen data if a ransom isn't paid.
