LastPass Breach: Customer Data Stolen via Klue Hack

Klue CEO Jason Smith said the company identified hackers in its systems on June 12, 2026. A hacking and extortion group calling itself Icarus took credit for the breach and has publicly threatened to release the stolen data if a ransom is not paid.

LastPass is not alone here. It joins a growing list of cybersecurity firms caught in the same incident. Several other affected companies named in connection with the Klue breach include HackerOne, Recorded Future, and Tanium. That pattern, one breached vendor exposing many downstream brands, is exactly why supply-chain attacks have become the route of choice for data thieves.

Why customer support tickets are the part to worry about

The names and email addresses are bad enough for phishing. The customer support case data is the quieter risk.

It is not yet known what those tickets contained. But people usually open a support case when something has gone wrong, like a billing problem or trouble getting back into an account. Past incidents involving support tickets at other companies have exposed credentials and even government-issued identity documents. Until LastPass clarifies, customers should assume their tickets may hold fragments of sensitive personal detail.

If you use LastPass, treat any unexpected email, call or text about your account as a likely scam. Attackers now hold your name and contact details, which is exactly what they need to impersonate LastPass support and trick you into handing over a master password or one-time code. LastPass will not ask for those.

What this is not: your vault is still encrypted

LastPass is clear that password vaults were not part of this breach. That matters, because the company history makes vault safety the first question on everyone mind.

In 2022, LastPass suffered a far more serious incident in which hackers stole the company entire store of customer password vaults. Those vaults were encrypted with master passwords known only to each customer, but the theft let attackers brute-force the weakest master passwords offline and crack them open. Several crypto thefts were later linked to that breach, with hackers suspected of stealing wallet keys from cracked vaults.

This 2026 incident is a different and narrower problem. No vaults were taken. The exposed data is contact and support information held by a partner, not the encrypted secrets inside LastPass itself.

How big could this be

LastPass has not said how many customers are affected, and spokespeople did not immediately respond to questions about the incident. For scale, the company reports more than 33 million users and around 1.6 million paying customers as of 2024. The affected set is some subset of customers whose records reached Klue, not necessarily the entire user base.

What happens next over the coming 24 to 72 hours

Expect the situation to develop quickly on several fronts.

• More disclosures. Because Klue served many security vendors, additional companies may issue their own breach notices in the coming days as they work out whose data was exposed.
• The ransom clock. Icarus has threatened to publish the stolen data if it is not paid. Watch for any sign the data leaks publicly, which would sharply raise the phishing and identity-theft risk for affected customers.
• Scope answers. The open question is how many LastPass customers are affected and exactly what the support tickets contained. LastPass has not answered yet, and pressure to do so will build.
• A phishing wave. Stolen names and contact details are raw material for targeted scams. Affected customers should expect convincing LastPass-themed messages and treat every one with suspicion.

The practical takeaway is simple. Your encrypted vault is reported safe, but your contact details and possibly your past support conversations are not. Tighten up: confirm multi-factor authentication is on, make sure your master password is long and unique, and ignore any inbound request for codes or passwords, no matter how official it looks.

Source: TechCrunch