ChainCatcher 消息,密码管理工具 LastPass 公告,获悉其第三方市场情报平台 Klue 发生安全事件,黑客窃取了 Klue 持有的多个客户(包括 LastPass)的 OAuth 令牌,并利用这些令牌访问了 LastPass 的 Salesforce CRM 系统,导致部分客户姓名、电话号码、邮箱地址、家庭住址以及支持案例等业务联系信息和 CRM 数据可能泄露。
官方提醒:LastPass 的产品、服务、基础设施及客户密码库(vaults)未受任何影响,Gong 系统数据也未被访问。LastPass 已立即采取措施,包括停止员工对 Klue 的访问、轮换暴露的 API 令牌、开展详细调查并与 Klue、Salesforce 及执法部门合作,同时通过 TIME 团队向安全社区分享威胁情报,并加强未来防护。用户应提高警惕,防范可能利用泄露信息发起的钓鱼邮件、电话或社交工程攻击,并牢记 LastPass 绝不会索要主密码,所有官方沟通均通过可信渠道发送。
.Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.