LastPass says attackers used Klue-held OAuth tokens to access customer CRM and support case data in Salesforce, while its password vaults and core infrastructure were not affected. The practical risk is targeted phishing and social engineering built from real support histories.
Klue’s June security incident let attackers use a legacy integration credential to obtain OAuth tokens and pull Salesforce CRM data from connected customer environments. The breach is a practical warning for teams that treat SaaS integrations as trusted background plumbing instead of monitored, scoped access paths.