Password management company LastPass has confirmed that hackers accessed customer data stored in its Salesforce environment using OAuth tokens stolen from a third-party vendor, Klue. The company said it was notified of the incident by Klue on June 12, 2026.