Password manager LastPass says attackers stole customer support and sales records through a breach at Klue, a market-research partner. Its own systems and users' password vaults were not affected.

Exposed data spans names, emails, phone numbers, addresses, and support cases for a service with over 33 million users. A group calling itself Icarus claimed the hack and is threatening to leak the data unless it is paid.

No credentials leaked, but the contact and support details are prime fuel for targeted phishing, the same vector that followed LastPass's 2022 breach and fueled a wave of crypto wallet thefts.