LastPass confirmed yesterday that hackers stole customer data from its Salesforce environment.
Not by breaking LastPass.
By breaking Klue — a market intelligence platform most CISOs couldn't name on a bet.
Attackers compromised Klue's infrastructure using stale integration credentials. They stole OAuth tokens. Then they walked straight into LastPass's Salesforce like they belonged there.
Customer names. Emails. Phone numbers. Support cases. Sales records. All exposed.
Here's the part that should keep you awake: this wasn't a zero-day. It wasn't sophisticated malware. It was a trusted vendor with over-permissioned tokens and nobody watching the door.
The Icarus extortion group claimed the attack. They hit multiple organizations through the same vector — Recorded Future, Tanium, Jamf, Sprout Social. One compromised vendor, dozens of downstream victims.
And the pattern is accelerating. AI agents are now making API calls through the same OAuth pipelines. Every integration you've added for "efficiency" is a credential chain you probably haven't audited.
LastPass vaults weren't touched this time. But in 2022, a support system breach at LastPass was eventually used to pivot into vault storage. The playbook exists.
Audit every third-party OAuth integration in your Salesforce, Gong, and CRM environments today. Rotate tokens quarterly. Enforce least-privilege on every connected app. If your security team can't list every vendor with active tokens in your SaaS stack, you're already exposed.
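As an added example (not code from the article, LastPass or Klue), here is the kind of inventory check that audit implies: it assumes token rows exported from Salesforce's OauthToken object via SOQL, a constructed allowlist of approved connected apps and constructed sample tokens, and flags tokens that belong to an unreviewed vendor, are past the quarterly rotation window, or have gone idle.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample rows, shaped like the result of an assumed SOQL query against
# Salesforce's OauthToken object:
#   SELECT AppName, User.Username, CreatedDate, LastUsedDate, UseCount FROM OauthToken
# App names, users and dates are invented for illustration.
TOKENS = [
    {"AppName": "MarketIntelConnector", "Username": "svc.marketintel@example.com",
     "CreatedDate": "2025-01-10T09:00:00.000+0000",
     "LastUsedDate": "2025-11-02T14:30:00.000+0000", "UseCount": 4120},
    {"AppName": "TicketSyncApp", "Username": "svc.ticketsync@example.com",
     "CreatedDate": "2026-05-01T08:00:00.000+0000",
     "LastUsedDate": "2026-06-23T16:45:00.000+0000", "UseCount": 980},
    {"AppName": "SalesDialerBeta", "Username": "rep.jones@example.com",
     "CreatedDate": "2026-06-01T10:00:00.000+0000",
     "LastUsedDate": "2026-06-20T11:00:00.000+0000", "UseCount": 12},
    {"AppName": "LegacyReportExport", "Username": "svc.reports@example.com",
     "CreatedDate": "2024-03-15T12:00:00.000+0000",
     "LastUsedDate": None, "UseCount": 0},
]

# Hypothetical vendor inventory: connected apps that security has reviewed and approved.
APPROVED_APPS = {"MarketIntelConnector", "TicketSyncApp"}
ROTATION_WINDOW = timedelta(days=90)  # "rotate tokens quarterly"
IDLE_WINDOW = timedelta(days=30)      # a token nobody uses is attack surface only
DEFAULT_NOW = datetime(2026, 6, 24, tzinfo=timezone.utc)  # fixed clock for the sample

def parse_sf_datetime(value):
    """Parse Salesforce's timestamp format, e.g. 2026-06-23T16:45:00.000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")

def audit_tokens(tokens, approved_apps, now=DEFAULT_NOW):
    """Return one finding per token that violates inventory, rotation or idle policy."""
    findings = []
    for row in tokens:
        reasons = []
        if row["AppName"] not in approved_apps:
            reasons.append("unknown-vendor")    # nobody owns this integration
        if now - parse_sf_datetime(row["CreatedDate"]) > ROTATION_WINDOW:
            reasons.append("rotation-overdue")  # issued more than a quarter ago
        last_used = row["LastUsedDate"]
        if last_used is None or now - parse_sf_datetime(last_used) > IDLE_WINDOW:
            reasons.append("stale")             # unused: revoke rather than keep
        if reasons:
            findings.append({"app": row["AppName"], "user": row["Username"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_tokens(TOKENS, APPROVED_APPS):
        print(f"{f['app']:<22} {f['user']:<32} {', '.join(f['reasons'])}")
```

Every finding maps to an action the paragraph already calls for: revoke unknown or stale tokens, rotate overdue ones, and add the surviving apps to the vendor list your team can actually produce on demand.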
SOURCE: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
VERIFIED: BleepingComputer (June 23, 2026), GBHackers (June 23, 2026), LastPass official blog (June 23, 2026)
SIGNAL: Supply chain attacks via OAuth token theft are becoming the primary vector for enterprise SaaS breaches. AI agents amplify this risk by creating more integration pipelines with elevated permissions.
Enterprise AI Impact — filtered for signal, not noise