LastPass Users Hit by Breach at Third-Party Research Firm

LastPass is sending breach notifications to customers after a hack at Klue, a Canadian market research company, exposed personal information and customer support case records. The password manager giant confirmed the data theft stemmed from Klue's systems, not its own infrastructure.

The stolen data includes customer personal details and records from support interactions. That's a rough look for a company whose entire brand promise revolves around keeping sensitive information locked down — even if this time the fault lies with a third-party vendor.

LastPass has had a brutal stretch on the security front. The company suffered a devastating breach in 2022 that exposed encrypted password vaults. Now customers are learning their data was compromised again through a vendor relationship they likely never knew existed.

Details on the scope — how many users were affected or what specific data fields were exposed — remain limited.