Hackers couldn’t get into customers’ password vaults
The good news: the criminals did not steal any password vaults. That does not mean customers are safe. According to a LastPass blog post, the hackers obtained names, addresses, telephone numbers and email addresses, among other things, and were also able to access data related to support cases and sales. Targeted phishing that reuses the stolen customer data is therefore to be expected in the near future.
Attackers stole OAuth tokens from service providers
The attack took place on June 12th on the systems of a company called Klue, with which LastPass works on product marketing, among other things. Because the stolen data came from Salesforce and Gong systems connected to Klue, numerous other companies are affected as well. According to The Register, these include Jamf, developer of the well-known device management for Apple devices. The attackers first obtained OAuth tokens issued to the Klue integration and used them to access the Salesforce systems of LastPass and other Klue customers. These tokens have since been invalidated, so the immediate risk of further access has been averted; revoking the tokens closes that access path, but it does not recover data that was already exported. LastPass has also disabled the Klue integration.
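The incident is a third-party OAuth integration whose tokens were reused against the customers’ own SaaS tenants. What a tenant owner wants to know next is when the stolen token was used from where, which accounts it acted as, and whether the claimed revocation actually held. The script below is an added example, not code from the article or from LastPass, Klue, Salesforce or Gong. It assumes a login history exported as records in the shape of Salesforce’s LoginHistory object (fields Application, SourceIp, LoginTime, Status, UserId), a connected app with the hypothetical display name “Klue Connector”, and a known egress range for that integration; the sample records are constructed.

```python
"""
Added example, not code from the article or from LastPass, Klue, Salesforce
or Gong: triage an exported login/token-usage history after a third-party
OAuth integration has been compromised, and verify that revocation worked.

Assumptions not stated on the page:
  * records are dicts in the shape of a Salesforce LoginHistory export with
    the fields Application, SourceIp, LoginTime, Status and UserId;
  * the integration authenticates as a connected app with the hypothetical
    display name "Klue Connector";
  * the integration normally calls in from one known IP range.
The records below are constructed for this example.
"""
from collections import Counter
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

INTEGRATION_APP = "Klue Connector"                          # hypothetical name
KNOWN_INTEGRATION_RANGES = [ip_network("198.51.100.0/24")]  # assumed egress range

# Constructed sample export; deliberately not in chronological order.
SAMPLE_LOGINS = [
    {"Application": "Klue Connector", "SourceIp": "198.51.100.7",
     "LoginTime": "2025-06-10T09:00:00Z", "Status": "Success", "UserId": "005xx000001A"},
    {"Application": "Klue Connector", "SourceIp": "198.51.100.7",
     "LoginTime": "2025-06-11T09:00:00Z", "Status": "Success", "UserId": "005xx000001A"},
    {"Application": "Klue Connector", "SourceIp": "203.0.113.45",
     "LoginTime": "2025-06-12T02:14:00Z", "Status": "Success", "UserId": "005xx000001A"},
    {"Application": "Klue Connector", "SourceIp": "203.0.113.45",
     "LoginTime": "2025-06-12T02:13:00Z", "Status": "Success", "UserId": "005xx000001A"},
    {"Application": "Browser", "SourceIp": "192.0.2.10",
     "LoginTime": "2025-06-12T08:00:00Z", "Status": "Success", "UserId": "005xx000002B"},
    {"Application": "Klue Connector", "SourceIp": "203.0.113.45",
     "LoginTime": "2025-06-12T10:30:00Z", "Status": "Failed: Invalid Token", "UserId": "005xx000001A"},
]


def parse_time(value):
    """Parse the UTC timestamp format used in the sample export."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def from_known_range(ip, ranges=KNOWN_INTEGRATION_RANGES):
    """True if the source IP lies in one of the integration's known ranges."""
    return any(ip_address(ip) in net for net in ranges)


def integration_logins(records, app_name=INTEGRATION_APP):
    """All token uses by the integration, oldest first."""
    return sorted((r for r in records if r["Application"] == app_name),
                  key=lambda r: parse_time(r["LoginTime"]))


def suspicious_uses(records, app_name=INTEGRATION_APP, ranges=KNOWN_INTEGRATION_RANGES):
    """Token uses from outside the integration's known source range.
    Failed attempts are kept on purpose: after revocation they show the
    attacker still trying the token, which is evidence worth retaining."""
    return [r for r in integration_logins(records, app_name)
            if not from_known_range(r["SourceIp"], ranges)]


def compromise_window(records, **kw):
    """(first, last) successful unknown-source use: the period whose exported
    data must be treated as stolen. None if nothing suspicious succeeded."""
    ok = [parse_time(r["LoginTime"]) for r in suspicious_uses(records, **kw)
          if r["Status"] == "Success"]
    return (min(ok), max(ok)) if ok else None


def affected_users(records, **kw):
    """User accounts the stolen token acted as; their data scope is what leaked."""
    return {r["UserId"] for r in suspicious_uses(records, **kw)
            if r["Status"] == "Success"}


def successful_uses_after(records, revoked_at, app_name=INTEGRATION_APP):
    """Successful integration logins after the claimed revocation time.
    Any hit means revocation was incomplete (a second token or a refresh
    token still valid, for instance)."""
    cutoff = parse_time(revoked_at)
    return [r for r in integration_logins(records, app_name)
            if r["Status"] == "Success" and parse_time(r["LoginTime"]) > cutoff]


def source_summary(records, **kw):
    """How often each source IP used the token; unexpected IPs stand out."""
    return Counter(r["SourceIp"] for r in integration_logins(records, **kw))


if __name__ == "__main__":
    for r in suspicious_uses(SAMPLE_LOGINS):
        print("suspicious:", r["LoginTime"], r["SourceIp"], r["Status"])
    print("window:", compromise_window(SAMPLE_LOGINS))
    print("acted as:", affected_users(SAMPLE_LOGINS))
    print("uses after revocation:", successful_uses_after(SAMPLE_LOGINS, "2025-06-12T09:00:00Z"))
    print("sources:", source_summary(SAMPLE_LOGINS))
```

Run against the constructed export, the script flags the three uses from 203.0.113.45, bounds the active window to the two successful logins on June 12th, attributes the access to one user account, and confirms that no successful use follows the assumed revocation time; the later failed attempt from the same IP is the attacker retrying a dead token. The same questions apply to any SaaS tenant that granted Klue, or any comparable vendor, an OAuth token.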
Those affected must expect phishing attacks
LastPass advises affected customers to pay close attention to phishing attempts and social engineering in the coming weeks and months. The company stresses in particular that its employees never ask for the master password: any such request arriving by email or messenger is always an attack. In the blog post, LastPass names several email addresses from which phishing attempts have already been sent. LastPass has been targeted by hackers several times in the past, including an attack in November 2022 in which criminals stole customer data and encrypted password vaults.