TL;DR - LastPass was not breached.

  • LastPass uses Salesforce
  • a lot of companies use Salesforce
  • a lot of companies hired Klue
  • Klue was breached by an outsider using a working credential
  • outsider harvested OAuth tokens
  • outsider accessed Salesforce data for LastPass and other companies

If you're worried that because of this, now your work email, office phone, and preference of cigars or whiskey was compromised, you're living in a wonderful world. Enjoy it.

@hal8999 also if you're still using LastPass, then you aren't worried about your passwords being leaked (my work still uses LastPass)
@aburka I still lock the door to my house, knowing full well that a mule kick or a rock through the window is a low-cost breach. While at the same time, sleeping with my windows open. Because my fluffy dog would surely save the day. (You live with the illusions that keep you happy.)