In a recent cybersecurity incident, LastPass and BeyondTrust have been identified as victims of a data breach originating from Klue’s compromised systems. The breach allowed unauthorized access to customers’ Salesforce data, following a hack by a group identifying as Icarus.
How the Breach Occurred
The threat actor Icarus exploited a legacy credential from Klue to infiltrate its systems and create OAuth tokens. These tokens enabled the attackers to penetrate third-party platforms that integrate with Klue, including Salesforce. Once inside, they extracted substantial data using automated processes.
Impact on Affected Companies
As a result of the breach, Salesforce and Gong have disabled their Klue integrations, affecting over a dozen organizations. Notifications from these companies indicate that the attackers only accessed external business data linked through Klue, leaving internal systems untouched.
LastPass confirmed that the compromised data was confined to business contact information and CRM data such as customer names, contact details, and sales-related information. The company has since disabled Klue access and rotated exposed tokens, and is cooperating with law enforcement and partners to investigate the breach.
Broader Consequences and Responses
The breach has also affected other companies, including 8x8 and Pendo, adding to a growing list of impacted organizations. Despite the breach, LastPass assured its users that its products and infrastructure remain secure, with no evidence of Gong-related data being accessed.
BeyondTrust reported similar data exposure from its Salesforce instance. Meanwhile, Icarus’s Tor-based leak site previously listed several organizations as victims, though the site is currently down.
Huntress estimates that more Klue customers may have been affected by the data breach, with additional disclosures anticipated.
As the investigation continues, the breach highlights vulnerabilities in third-party integrations and the need for enhanced security measures in interconnected digital ecosystems.
