LastPass Confirms Customer Data Breach After Klue OAuth Token Theft

LastPass confirmed that an extortion group named Icarus accessed customer relationship management data in its Salesforce environment by using stolen Klue OAuth tokens. The company has since rotated the compromised tokens and terminated employee access to the third-party platform to remediate the data breach.