The attackers utilized stolen OAuth tokens to query the Salesforce API, extracting names, email addresses, phone numbers, and physical addresses of LastPass customers. This operation was not isolated; the extortion group Icarus targeted multiple organizations simultaneously, with Recorded Future, Jamf, and Sprout Social among those affected. Cybersecurity firms Huntress and ReliaQuest identified that the perpetrators relied on Python scripts to automate the large-scale theft across the compromised platforms.
In response to the intrusion, LastPass has revoked Klue’s access and initiated coordination with law enforcement agencies. While the company maintains that its encrypted password vaults remain secure, it has warned users to exercise heightened caution regarding phishing attempts. The extortionists are currently pressuring victims to establish contact via the Session messaging platform, threatening to leak the stolen datasets if their demands are ignored.




