A recent supply chain attack on market research company Klue has exposed sensitive data from multiple companies, including LastPass and several cybersecurity vendors. The breach, which was detected on June 12, allowed hackers to steal OAuth tokens that granted access to Salesforce environments where customer relationship and support data were stored.
What Happened
The attack began when hackers compromised a credential dating back to 2022, which Klue had used for a limited pilot. The company's investigation suggests that the credential was provided to a third party in 2022, but it is unclear what the purpose of the pilot was or how long it ran. Nonetheless, the credential remained active and was eventually used by hackers to steal sensitive data from multiple companies.
LastPass, which has approximately 33 million users and over one million paying customers, was among those affected by the breach. The company's customer names, emails, phone numbers, and support case data were stolen after hackers breached Klue and used OAuth tokens to access Salesforce. LastPass emphasized that its own systems were not compromised and that encrypted password vaults were not accessed.
Background and Context
Klue is a market research company that provides competitive intelligence to businesses. The company's platform integrates with CRM and sales tools across organizations, allowing it to store sensitive data on behalf of its customers. In this case, the OAuth tokens stolen by hackers granted access to Salesforce environments where customer relationship and support data were stored.
The breach is particularly damaging for LastPass because of the company's history. In 2022, hackers breached LastPass directly and stole the entire store of customer password vaults. This breach eroded trust in the company and prompted a wave of customers to switch to competitors.
Why It Matters to the Industry
The Klue breach highlights the risks associated with supply chain attacks and the importance of robust credential management practices. By compromising a single credential, hackers were able to steal sensitive data from multiple companies, demonstrating the potential for widespread damage in these types of attacks.
For adult-industry platforms and operators, this breach serves as a reminder of the need for robust security measures and regular audits to ensure that third-party vendors are not putting their customers' data at risk. The long-lived OAuth tokens and other access credentials that vendors hold also raise questions about how unauthorized access to sensitive data through those vendors is prevented and detected.
What Comes Next
Klue has announced that it is conducting a comprehensive review of its credential management practices, vendor-access controls, monitoring capabilities, and deployment security processes. LastPass has also notified affected customers and emphasized that its own systems were not compromised.
The breach has also raised questions about the role of third-party vendors in storing sensitive data on behalf of their customers. As the adult industry continues to rely on these types of services, it is essential that platforms and operators prioritize robust security measures and regular audits to ensure that customer data remains secure.
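As an added illustration of the stale-credential problem described above (example code, not Klue's or LastPass's own tooling): a small audit over a constructed inventory of third-party OAuth grants that flags any active grant that is dormant, old, non-expiring, or broadly scoped. Vendor names, scope names, dates and thresholds are assumed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed inventory of third-party OAuth grants (not real Klue or LastPass data).
# The "pilot-vendor" entry models the article's failure mode: a credential issued
# for a limited pilot in 2022 that was never revoked.
@dataclass
class Grant:
    vendor: str
    purpose: str
    issued: date
    last_used: Optional[date]      # None = no recorded use since issuance
    expires: Optional[date]        # None = non-expiring token
    scopes: tuple
    active: bool = True

INVENTORY = [
    Grant("crm-sync", "production integration", date(2025, 1, 15), date(2025, 6, 10), date(2025, 9, 1), ("api",)),
    Grant("pilot-vendor", "limited pilot (2022)", date(2022, 4, 12), None, None, ("full",)),
    Grant("analytics-tool", "reporting", date(2023, 11, 5), date(2024, 1, 20), None, ("api",)),
    Grant("old-vendor", "retired", date(2021, 2, 2), date(2021, 8, 8), None, ("full",), active=False),
]

BROAD_SCOPES = {"full", "refresh_token"}   # assumed scope names; adapt to the IdP in use
AUDIT_DATE = date(2025, 6, 12)             # fixed "today" so the run is reproducible

def audit_grants(grants, today, max_idle_days=90, max_age_days=365):
    """Return {vendor: [findings]} for active grants a reviewer should look at."""
    findings = {}
    for g in grants:
        if not g.active:
            continue                            # revoked grants are out of scope
        issues = []
        idle_days = (today - (g.last_used or g.issued)).days
        age_days = (today - g.issued).days
        if idle_days > max_idle_days:
            issues.append(f"idle {idle_days}d")
        if age_days > max_age_days:
            issues.append(f"issued {age_days}d ago, never rotated")
        if g.expires is None:
            issues.append("no expiry")
        elif g.expires < today:
            issues.append("expired but still marked active")
        broad = BROAD_SCOPES & set(g.scopes)
        if broad:
            issues.append("broad scope: " + ",".join(sorted(broad)))
        if issues:
            findings[g.vendor] = issues
    return findings

def run_audit():
    return audit_grants(INVENTORY, AUDIT_DATE)

if __name__ == "__main__":
    for vendor, issues in run_audit().items():
        print(vendor, "->", "; ".join(issues))
```

Only the dormant pilot grant and the idle, non-expiring analytics grant are reported; the healthy production integration and the already-revoked vendor are not.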
Key Facts
- Klue detected a breach on June 12, which allowed hackers to steal OAuth tokens granting access to Salesforce environments.
- The stolen data includes names, phone numbers, email addresses, physical addresses, and support case information from multiple companies.
- LastPass was among those affected by the breach, with customer names, emails, phone numbers, and support case data stolen.
- Klue has announced a comprehensive review of its credential management practices in response to the breach.
- The breach highlights the risks associated with supply chain attacks and the importance of robust credential management practices.