LastPass disclosed a customer data leak tied to a breach at Klue, a third-party vendor integrated with its customer support systems. The company emphasized that the exposed data was limited to information held in systems that interface with Klue — primarily customer support tooling — and that no data from LastPass’s core product or password vaults was affected.
In short: vault contents and master passwords remain protected, but other customer data (names, phone numbers, and similar account details) was exposed through the vendor integration.
Why it matters: The vault stayed safe, but names, emails, and phone numbers leaking through a support-tooling vendor is exactly the kind of exposure that fuels targeted phishing. If your org integrates a vendor like Klue, review what customer data it can touch and treat your support-stack integrations as part of your attack surface, not just your product.