← Back to news

LastPass notifies users of yet another data breach

Original article
9to5mac.com|364 points|160 comments|by mooreds|Jun 25, 2026

LastPass Alerts Users to Another Security Incident

LastPass system outage

By Marcus Mendes | June 23, 2026

LastPass subscribers are receiving new warnings regarding the theft of personal information. However, unlike previous incidents, this specific leak originated from a third-party partner rather than LastPass's own internal infrastructure.

The Klue Breach: What Happened?

According to reports from TechCrunch, LastPass is currently notifying individuals impacted by a security failure at Klue, a firm specializing in market research. This breach granted unauthorized actors access to specific customer details and support-related records.

LastPass clarified the situation via a blog post, emphasizing that password vaults were not compromised. The data accessed was strictly limited to business contact and CRM (Customer Relationship Management) information.

Summary of Compromised Data

Data CategorySpecific Details
Contact InformationFull names, email addresses, phone numbers, and physical addresses
CRM DataStandard business contact details
Operational DataSupport case history and sales-related information

Technical Infrastructure & Response

The breach occurred because Klue's platform integrates with other major systems. The relationship can be visualized as follows:

Upon discovering the vulnerability, LastPass took the following immediate actions:

  • Terminated all employee access to the Klue platform.
  • Performed a rotation of all exposed API tokens.
  • Reported the incident to law enforcement agencies.
  • Initiated a comprehensive investigation in coordination with Salesforce and Klue.

Warning to Users: LastPass urges all customers to "remain vigilant of potential phishing attacks or social engineering attempts" that may use the stolen contact data to appear legitimate.

Indicators of Compromise (IoCs)

For corporate security teams looking to audit their systems for malicious activity, LastPass has released the following identifiers associated with the attackers:

Malicious IP Addresses:

138.226.246[.]94
94.154.32[.]160
159.183.215[.]61
159.183.181[.]239

Suspicious Email Domains:

baccarat.com[.]au
robinskitchen.com[.]au
house.com[.]au

A Pattern of Vulnerability

This event is the latest in a troubling history of security lapses for the password manager. If we define the total risk as Risk=(Incidentn)\text{Risk} = \sum (\text{Incident}_n), the cumulative impact on user trust is significant.

  • 2015: Attackers stole authentication hashes, cryptographic salts, password reminders, and emails. (Vaults remained encrypted).
  • 2022: A developer's account was hijacked, leading to the theft of source code and technical documentation. This eventually allowed hackers to access cloud backups containing:
    • Encrypted password vaults.
    • Unencrypted personal data (names, phone numbers, billing/email addresses).

For further details on the Klue incident and the official response, you can follow this link.

Related Recommendations & News

  • Reading List: Steve Jobs in Exile by Geoffrey Cain or Apple: The First 50 Years by David Pogue.
  • Hardware: MacBook Neo, Logitech MX Master 4, AirPods Pro 3, or Apple Watch Series 11.

Apple price increases

Other Top Stories from 9to5Mac:

  1. Apple implements major price hikes for iPads and MacBooks.
  2. A list of Apple products that have not seen price increases.
  3. The upcoming MacBook Ultra and its six new features.
  4. The latest Apple Prime Day deals.

Google Preferred Source

About the Author: Marcus Mendes Marcus Mendes is a journalist and tech podcaster from Brazil with a focus on the Apple ecosystem since the mid-2000s.