LastPass notifies users of yet another data breach

	LastPass notifies users of yet another data breach(9to5mac.com)
	503 points by mooreds 1 day ago \| 222 comments
	tl;dr: LastPass is notifying users of a breach involving third-party market research firm Klue, which exposed customer contact info and support case data (but not password vaults). The attackers accessed data via Klue's integrations with Salesforce and Gong; LastPass has revoked access, rotated API tokens, and warned users to watch for phishing. This marks the latest in a string of security incidents for LastPass, following major breaches in 2015 and 2022.
	HN Discussion: ↑LastPass has lost all credibility and users should not trust them anymore ↑Recommends switching to offline/self-hosted password managers like KeepassXC or Enpass ↓The breach narrative is overblown; this is a third-party CRM issue, not a LastPass vault breach •Provides additional context on the breach scope and other affected companies ~Switching away from LastPass is painful, which explains why some orgs stay