LastPass has confirmed that customer names, contact details, and support case records were exposed in a breach at Klue, though the company says password vaults remain secure.
This is the second data breach to affect LastPass customers in recent years, after one of the password manager’s tech partners was recently breached.
The password manager giant said hackers were able to ‘brute-force’ its two-factor system, allowing them to access customer accounts and download their password vaults.

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.