The vaults stayed out of reach, but OAuth tokens pulled LastPass support and CRM records through a SaaS integration breach.
BleepingComputer frames the incident through Klue tokens, Salesforce data, and support records.
X will collapse LastPass into another password-vault scare.
LastPass confirmed customer-support and CRM records were exposed through a Klue supply-chain incident, while BleepingComputer tied the access path to OAuth tokens and Salesforce data theft. [1][2]
The comforting part is also the trap: LastPass said password vaults were not accessed. That is not the same as saying nothing important happened. Support records, contact details, CRM data, and integration tokens are enough to draw a map around customers. [1]
MSM and security outlets can frame the breach precisely. X will likely hear only LastPass and remember prior vault panic. The paper's divergence is the surface. The vault was not the surface. SaaS integration was.
That matters because modern business risk often lives between products. Klue, Salesforce, LastPass, customer support, and extortion groups are not separate nouns to an attacker. They are paths.
The receipt to watch is token rotation, customer notification, and whether more SaaS tools disclose the same Icarus-linked route. A breach that misses the vault can still hit the business.
-- DAVID CHEN, Beijing