HeadlinesBriefing.com

LastPass Users Warned of New Data Leak via Third-Party Partner

9to5Mac

LastPass is notifying users after a security breach at market research firm Klue exposed customer data. Hackers accessed business contact information, including names, phone numbers, and physical addresses. The breach also leaked support case and sales-related data, though the company maintains that password vaults remained secure during this specific incident.

This leak happened because Klue integrates with Salesforce and Gong systems. To mitigate the risk, the company revoked employee access to the platform and rotated exposed API tokens. Users now face a higher risk of phishing attacks and social engineering attempts using the stolen CRM data to appear legitimate in their communications.

This incident adds to a history of failures for the password manager. Previous breaches in 2015 and 2022 exposed everything from authentication hashes to encrypted password vaults and source code. This pattern of vulnerability makes the latest leak particularly damaging to user trust in the company's security posture.

Companies can now search their systems for specific malicious IP addresses and domains like baccarat.com.au to detect related activity. LastPass is coordinating its current investigation with law enforcement and its partners at Klue and Salesforce to determine the full scope of the event.