Yet another supply chain security incident has struck LastPass. This time, the company’s famous encrypted vaults were not under attack, but the personal data of its customers stored in Salesforce, the CRM used for support, was exposed. The point of entry was not a direct assault on LastPass’s own infrastructure, but a breach at Klue, a competitive intelligence vendor that held OAuth tokens granting access to the password manager’s Salesforce environment.
What happened
LastPass began notifying its customers after hackers breached the systems of Klue, a vendor specializing in competitive intelligence. Klue stored OAuth tokens that enabled programmatic access to LastPass’s Salesforce instance. Using those tokens, the attackers extracted personal information and support case data: names, phone numbers, email addresses, and details of support tickets.
The company states that the breach did not compromise its own servers or the encrypted password vaults, which remain inaccessible to outsiders. However, the stolen data can be used for targeted phishing or social engineering, posing a concrete threat to the privacy of the individuals involved. The incident confirms how insidious the supply chain can be: a seemingly minor partner with excessive privileges can become the weakest link.
The role of OAuth tokens and the Salesforce environment
At the heart of the matter are OAuth tokens, standard mechanisms that allow third-party services to operate on cloud platforms without repeatedly requiring user credentials. Klue used them to automatically access Salesforce data, presumably to cross-reference competitive insights with customer support requests. When Klue’s systems were compromised, the tokens turned into direct keys to LastPass’s Salesforce environment, without needing to breach any further barriers.
Salesforce is a sensitive target for many organizations, as it holds customer data, contracts, and communications. Unauthorized access to this information, even when separate from core systems, can cause reputational damage and compliance headaches, especially in regulated industries. The trust-based nature of the OAuth model means that a vendor breach effectively becomes a customer breach, without the latter ever suffering a direct attack.
Supply chain and data sovereignty: lessons for on-premise deployments
The LastPass-Klue episode offers valuable insights for those managing on-premise infrastructure, usually driven by control and data sovereignty requirements. Although the incident involves a cloud service like Salesforce, the principle applies equally in local contexts: integrations with external vendors—CRM, analytics platforms, ticketing systems—can introduce unexpected attack vectors. An overly scoped OAuth token or an unrotated API key poses a similarly serious threat within the corporate network.
For those hosting LLMs and inference pipelines on-site, perhaps in air-gapped configurations, supply chain risk manifests in the ecosystem of connected tools: monitoring software, vector databases, logging systems. A compromised vendor that holds credentials for staging or production environments can open a breach even within the most hardened perimeter. The lesson is clear: access tokens must be treated as primary credentials, with least-privilege policies, mandatory rotation, and constant auditing. It is not enough to protect the core (vaults, sensitive data) if you leave a backdoor through third parties.
Managing vendor risk: a structured approach
The story reinforces the need to evaluate suppliers not only by their functionality, but also by their security posture. During procurement, organizations should map the permissions each integration requires, limit them to the bare minimum, and contractually require immediate notification in the event of an incident. Tools like Identity and Access Management (IAM) and secret management (vaults for keys and tokens) help contain the damage when a partner is compromised.
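The permission mapping, least-privilege scoping and rotation discipline described in the two passages above can be turned into a routine check. The following is an added example written for this article, not code from LastPass, Klue or Salesforce: it audits a constructed inventory of connected apps against an allow-list of OAuth scopes and a maximum token age. Scope names follow Salesforce's connected-app vocabulary; the vendor names, dates and the 90-day threshold are assumptions for the sake of the example.

```python
from datetime import date, timedelta
# Constructed inventory: connected apps and the scopes each was actually granted.
# Scope names follow Salesforce's connected-app vocabulary; vendors/dates are made up.
INVENTORY = [
    {"vendor": "crm-enrichment-bot", "scopes": ["api", "refresh_token", "full"],
     "last_rotated": date(2024, 11, 2)},
    {"vendor": "ticket-sync", "scopes": ["api", "refresh_token"],
     "last_rotated": date(2025, 9, 20)},
    {"vendor": "analytics-export", "scopes": ["api", "refresh_token"],
     "last_rotated": date(2025, 1, 15)},
    # A connected app nobody registered in the policy (a "shadow" integration).
    {"vendor": "legacy-export", "scopes": ["full", "refresh_token"],
     "last_rotated": date(2023, 6, 1)},
]

# Assumed policy: per-integration allow-list of scopes, plus the maximum token
# age before rotation is overdue (90 days is an assumption, not a vendor default).
POLICY = {
    "crm-enrichment-bot": {"api", "refresh_token"},
    "ticket-sync": {"api", "refresh_token"},
    "analytics-export": {"api", "refresh_token"},
}
MAX_TOKEN_AGE = timedelta(days=90)

def audit(inventory, policy, today, max_age=MAX_TOKEN_AGE):
    """Return (vendor, finding, detail) tuples; an empty list means compliant."""
    findings = []
    for app in inventory:
        vendor = app["vendor"]
        allowed = policy.get(vendor)
        if allowed is None:
            # No owner and no approved scope set: revoke or get it registered.
            findings.append((vendor, "unknown", "not in policy"))
            continue
        excess = sorted(set(app["scopes"]) - allowed)  # scopes beyond the allow-list
        if excess:
            findings.append((vendor, "over-scoped", f"remove {excess}"))
        age = today - app["last_rotated"]
        if age > max_age:
            findings.append((vendor, "stale", f"rotated {age.days} days ago"))
    return findings

def run_sample():
    """Audit the constructed inventory as of a fixed date, so results are repeatable."""
    return audit(INVENTORY, POLICY, date(2025, 10, 20))

if __name__ == "__main__":
    for vendor, finding, detail in run_sample():
        print(f"{vendor:20} {finding:12} {detail}")
```

Feeding the real list of connected apps exported from the tenant into `audit` in place of the constructed inventory makes the over-scoped `full` grant and the stale refresh tokens visible before a vendor breach does.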
For those adopting on-premise architectures for LLMs or other AI workloads, the attack surface extends to external integration services that feed the models (data pipelines, enrichment APIs, evaluation tools). The question to ask is not whether a vendor will ever be breached, but how ready the organization is to isolate the impact of that breach without jeopardizing data and trained models. A risk analysis framework, such as the one AI-RADAR proposes for on-premise deployments, helps map dependencies and privileges, turning an incident like the LastPass one from a generic alert into a concrete case study.