LastPass Salesforce Data Breach in Klue OAuth Token Hack Linked to Icarus Group; Customer Info Exposed, Vaults Remain Secure

LastPass confirms Salesforce data exposure after Klue OAuth token theft in supply chain attack linked to Icarus group; ...

LastPass confirms data breach after hacker compromises supply chain — here's what we know

Plenty of personal data obtained, but passwords seem to be safe.

LastPass Confirms Vendor Breach Exposed Customer Contact, Support Data

LastPass said customer contact and support data were exposed after attackers used stolen Klue OAuth tokens to access its ...

LastPass data breach confirmed: Everything we know so far

Hackers used a backdoor through a little-known third-party app to steal LastPass customer data.
CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...

LastPass confirms data breach in Klue supply chain attack

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.

Cloudflare: Own OAuth apps now for all developers

Cloudflare is making its OAuth ecosystem accessible to all customers. Companies can now create their own OAuth applications.
SecurityWeek

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

ShinyHunters use tactics including stolen credentials, compromised OAuth tokens, social engineering, vishing, and abuse of ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...