Canadian market intelligence firm Klue confirmed a data breach claimed by cybercrime group Icarus, compromising customer information at multiple downstream companies including password manager LastPass.
Klue, a market research platform, fell victim to a supply chain attack that gave hackers access to sensitive data across several high-profile clients. The Icarus cybercrime group claimed responsibility for the breach.
LastPass disclosed that attackers stole personal information and customer support case records from its Salesforce environment during the Klue incident. The password manager said hackers obtained OAuth tokens from Klue's systems, enabling unauthorized access to customer data stored in LastPass's CRM platform.
Other affected companies include endpoint management firm Jamf and bug bounty platform HackerOne, both of which confirmed exposure during the same attack.
This marks the second significant data breach to impact LastPass customers in recent years, following a previous incident involving a technology partner. The company has notified affected users and recommended security reviews.
Supply chain attacks like the Klue breach highlight how hackers target service providers to access larger customer bases. By compromising a single vendor, attackers can gain entry to dozens of downstream organizations without directly targeting them.
No information on the scope of exposed data or potential remediation measures has been detailed by all affected parties. Customers of impacted companies are advised to monitor accounts for suspicious activity and consider changing passwords stored in password managers as a precaution.
The incident underscores ongoing security challenges in cloud-based services and third-party integrations, areas that have become increasingly targeted by sophisticated threat actors.
Tesla is defending its Full Self-Driving system after a Model 3 crashed into a Texas home, killing a 76-year-old woman. The company claims the driver manually overrode the system.
A high-severity server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager is being actively exploited by threat actors. The flaw, CVE-2026-20230, allows attackers to bypass network restrictions and access internal systems.
Tata Electronics has confirmed it suffered a cyberattack targeting portions of its IT infrastructure, with hackers subsequently leaking data. The company disclosed the breach in a statement to BleepingComputer.
Law enforcement investigators combating child abuse material are facing unprecedented psychological strain as AI-generated content floods their caseloads. Agencies are failing to provide adequate mental health resources for officers exposed to traumatic material daily.