LastPass has acknowledged a data breach resulting from the recent Klue supply chain attack, in which hackers stole OAuth tokens to gain unauthorized access to the company's Salesforce environment, compromising customer data. The attack, which occurred earlier this month, highlights the risks of supply chain attacks and the importance of securing OAuth tokens. Specifically, the breach underscores the risks of relying on third-party services: the Klue attack has affected multiple companies, including LastPass. The stolen OAuth tokens allowed hackers to bypass traditional security measures, emphasizing the need for robust token management and monitoring. This incident serves as a reminder that even reputable companies like LastPass can fall victim to sophisticated attacks, and that staying vigilant is crucial [1]. For practitioners, the takeaway is to reevaluate their own supply chain security and OAuth token management to prevent similar breaches.