LastPass Users at Risk Again: Klue System Breach Leads to Data Theft

20:30 / 23.06.2026·44·Technology

LastPass, one of the world's most popular password managers, has announced another cyberattack. This time, hackers successfully gained access to the systems of the company's technological partner — the market research firm Klue. As a result, personal data of LastPass users and correspondence with customer support services fell into the hands of criminals. This is reported by Techcrunch.com reports it.

According to TechCrunch, LastPass has begun notifying its users about this incident via email. The company stated in its announcement that the breach did not occur directly within the LastPass infrastructure, but hackers exploited a vulnerability in the partner company's system to obtain a large volume of customer data. Klue had admitted last week that an attack was launched against its systems.

It has become known that the stolen dataset includes users' full names, phone numbers, email addresses, and physical addresses. Additionally, sales operations and requests sent to customer support were also compromised. Such requests often contain sensitive information, such as billing issues or requests for help with account access.

Security Measures and Concerns

LastPass representatives are attempting to reassure users, stating that the company's core infrastructure and, most importantly, the customers' password vaults remained intact. Nevertheless, concerns are growing as support correspondence sometimes contains identity verification documents or fragments of confidential information. So far, exact numbers on how many users were affected by this incident have not been provided.

It is worth noting that this breach in the Klue system was not limited to LastPass. Major cybersecurity companies such as HackerOne, Recorded Future, and Tanium have also reported data leaks due to this incident. This once again proves how critical the security of partner companies is in the modern IT ecosystem.

This is not the first failure for LastPass. In 2022, the largest data theft in the company's history occurred. At that time, hackers managed to download all customer password vaults. Although these vaults were encrypted, data from users with weak master passwords were later cracked, leading to several major cryptocurrency thefts.

Currently, more than 33 million users and nearly 1.6 million paid customers worldwide use the LastPass platform. Given its popularity among Uzbek users, experts recommend that all users enable two-factor authentication (2FA) on their accounts and be cautious of suspicious emails.