Yet Another Security Incident for the Password Manager Giant

LastPass, one of the world's largest password management platforms with over 33 million users, is notifying customers that their personal information and customer support case records were stolen during a breach at market research firm Klue. The incident, disclosed on June 23, 2026, marks the company's latest data security failure in a string of breaches spanning over a decade.

The breach occurred not at LastPass's own systems but at Klue, a market research platform that integrates with LastPass's Salesforce and Gong systems. Hackers abused their access to Klue's infrastructure to obtain reams of customer data belonging to LastPass and several other cybersecurity companies, including HackerOne, Recorded Future, and Tanium.

What Data Was Stolen

According to an email sent to affected customers and shared with TechCrunch, the information accessed was limited to standard business contact information and related CRM data. This includes customer names, phone numbers, email addresses, physical addresses, as well as support case data and sales-related records. Crucially, LastPass stated that encrypted password vaults were not accessed in this incident.

However, the contents of customer support tickets remain a concern. These tickets often contain fragments of potentially sensitive information. Past security incidents involving customer support database breaches at other companies have included credentials, billing details, and even government-issued identity documents uploaded for account recovery purposes.

LastPass has shared specific indicators of compromise for affected organizations, including IP addresses (138.226.246.94, 94.154.32.160, 159.183.215.61, 159.183.181.239) and email sender domains associated with the attackers (baccarat.com.au, robinskitchen.com.au, house.com.au).
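For a defender who receives such an indicator list, the practical task is to sweep existing mail-gateway and firewall logs for any contact with the listed addresses and sender domains. The following is an added example written for this article, not code published by LastPass or any of the named vendors: it loads the four IP addresses and three sender domains quoted above, matches sender domains by DNS label (so a subdomain of a listed domain is a hit, but a look-alike such as house.com.au.example.net is not), and reports each matching log line. The key=value log format and the log lines themselves are constructed for the demonstration and are an assumption, not any product's real format.

```python
import ipaddress
import re

# Indicators of compromise quoted in the article (shared by LastPass).
IOC_IPS = {
    "138.226.246.94",
    "94.154.32.160",
    "159.183.215.61",
    "159.183.181.239",
}
IOC_SENDER_DOMAINS = {
    "baccarat.com.au",
    "robinskitchen.com.au",
    "house.com.au",
}

# Constructed sample mail-gateway log lines (the key=value layout is an
# assumption made for this example, not a real product's log format).
SAMPLE_LOG = """\
2026-06-24T08:01:12Z src=203.0.113.7 from=alerts@example.com subject="Invoice"
2026-06-24T08:03:44Z src=94.154.32.160 from=support@house.com.au subject="Your LastPass support case"
2026-06-24T08:05:09Z src=198.51.100.20 from=billing@mail.robinskitchen.com.au subject="Account verification"
2026-06-24T08:07:31Z src=159.183.181.239 from=news@example.org subject="Newsletter"
2026-06-24T08:09:00Z src=192.0.2.44 from=admin@house.com.au.example.net subject="Reset your password"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into (timestamp, {field: value})."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    return ts, fields


def sender_domain(address):
    """Return the lowercased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()


def domain_matches(domain, ioc_domains):
    """True if domain equals, or is a subdomain of, any IOC domain.

    Matching on whole DNS labels (not substrings) avoids false hits on
    look-alike names such as house.com.au.example.net.
    """
    return any(domain == ioc or domain.endswith("." + ioc) for ioc in ioc_domains)


def match_iocs(log_text, ioc_ips=IOC_IPS, ioc_domains=IOC_SENDER_DOMAINS):
    """Return [(timestamp, reason)] for every log line touching an IOC."""
    ioc_ip_objs = {ipaddress.ip_address(ip) for ip in ioc_ips}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, fields = parse_line(line)
        reasons = []

        src = fields.get("src")
        if src:
            try:
                if ipaddress.ip_address(src) in ioc_ip_objs:
                    reasons.append(f"src ip {src}")
            except ValueError:
                pass  # malformed address: skip the field, keep sweeping

        sender = fields.get("from")
        if sender and domain_matches(sender_domain(sender), ioc_domains):
            reasons.append(f"sender domain {sender_domain(sender)}")

        if reasons:
            hits.append((ts, "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    for ts, reason in match_iocs(SAMPLE_LOG):
        print(ts, reason)
```

Run against the constructed sample, the sweep flags three of the five lines: one matching both an IOC source address and an IOC sender domain, one matching only a subdomain of a listed sender domain, and one matching only an IOC address; the look-alike sender domain on the last line is correctly ignored. In practice the same function would be fed exported gateway or proxy logs, and IP matches on their own deserve follow-up even where the sender domain looks benign.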

LastPass's Troubled Security History

This latest incident adds to a long and troubling security track record for the password manager. In 2015, hackers obtained account email addresses, password reminders, authentication hashes, and cryptographic salts, though LastPass said encrypted vault data was not accessed at that time. The most damaging breach occurred in 2022, when an attacker compromised a developer account, stole source code and technical information, and later used that information to access cloud backups containing customer records and encrypted password vaults.

The 2022 breach was particularly severe because it exposed not only encrypted vault data but also unencrypted details such as names, billing addresses, email addresses, and phone numbers. Security researchers criticized LastPass's security architecture at the time, noting that the company's use of a shared encryption key and inadequate network segmentation made the breach far more damaging than it should have been.

Response and Mitigation Steps

Upon learning about the incident, LastPass says it revoked employee access to Klue, rotated exposed API tokens, notified law enforcement, and launched a detailed investigation working with contacts at both Klue and Salesforce. The company is recommending that customers remain vigilant for potential phishing attacks or social engineering attempts leveraging the compromised information.

For affected users, security experts recommend enabling two-factor authentication, monitoring for suspicious emails that reference LastPass or customer support interactions, and being cautious of any messages requesting password resets or account verification that reference specific details from support tickets. Users should also check for unauthorized access attempts across financial and email accounts.

Broader Implications for the Cybersecurity Industry

The LastPass breach is part of a growing pattern of supply chain attacks targeting cybersecurity companies themselves. When a security vendor suffers a data breach, the impact cascades across its entire customer base — which often includes other security firms, government agencies, and critical infrastructure operators. The Klue breach affecting multiple security vendors simultaneously (LastPass, HackerOne, Recorded Future, Tanium) highlights the concentration risk in the security technology ecosystem.

For Indian users and businesses relying on LastPass, the incident serves as a reminder that password managers, while generally more secure than reusing passwords across sites, are not immune to infrastructure-level attacks. Exploring alternatives with different security architectures — such as open-source managers like Bitwarden, or hardware-backed solutions — may be prudent for high-security environments. The Indian cybersecurity agency CERT-In has not yet issued a specific advisory on this incident at the time of publication.

Sources: TechCrunch Report, 9to5Mac Coverage, LastPass Official Blog, ZDNet Analysis