Did they need to give them all of this?
replycustomer names, phone numbers, email addresses, physical addresses, support case data, sales-related data.
Generally yes, if you want to use a Customer Relationship Management system like Salesforce. Customer names, contact information, and info about what they bought from you is table stakes data for CRM is it not?
replyBitwarden doesn't redirect you to a third party if you visit their support page:
replyBut LastPass does (Salesforce CNAME):
https://support.lastpass.com/s/?language=en_US
So this couldn't have happened to bitwarden, you own the reputation loss if any of your suppliers get owned. Though it really doesn't matter anymore for LastPass they leaked their customers vaults before, I have no idea how they can still be in business.
Not supply the information to any other company.
replyNot installing the infected package of course.
replyIt's worth noting that this is not 'their marketing provider' what they do is load 30 different providers for some reason, to maximize the reach of their data sharing and advertising network. Well, their network reached too far and touched an infected node.
You have no idea what Klue is
reply