TL;DR - LastPass was not breached.

  • LastPass uses Salesforce
  • a lot of companies use Salesforce
  • a lot of companies hired Klue
  • Klue was breached by an outsider using a working credential
  • outsider harvested OAuth tokens
  • outsider accessed Salesforce data for LastPass and other companies

If you're worried that because of this, now your work email, office phone, and preference of cigars or whiskey was compromised, you're living in a wonderful world. Enjoy it.

@hal8999 May I quote you on this?
@drwho yes. and my preference for cigars or whiskey is 'free'. Free beer always tastes better too. That's not secret data.