A security breach at a third-party vendor has exposed customer data belonging to LastPass, the company confirmed this week, in the latest incident to put the beleaguered password manager back in the spotlight. LastPass confirmed this week that hackers gained access through a company called Klue, a market intelligence tool that LastPass uses internally to track competitors and manage sales relationships. According to LastPass, an unauthorized actor obtained OAuth tokens that Klue held on behalf of its customers and used them to access LastPass customer data within its Salesforce environment. The exposed information was limited to names, phone numbers, email addresses, physical addresses, and sales-related records. LastPass was emphatic that its core products and customer vaults, meaning passwords, were not affected.

Full explainer : Password manager maker LastPass says hackers stole customer support case data during Klue breach.