Security Shops Among the 'Hundreds' of Klue Hack Victims
Attackers used stolen OAuth tokens to access Salesforce data at hundreds of Klue customers, and several security vendors said their CRM records were exposed.
- On Friday, Klue CEO Jason Smith disclosed that attackers used a compromised legacy credential to access customer Salesforce environments, enabling the Icarus extortion group to steal data from hundreds of customers.
- Klue spotted the unauthorized activity a day after the June 11 breach, prompting Mandiant CTO Charles Carmakal to urge organizations to immediately audit their systems for evidence of compromise.
- Huntress, among the "hundreds of Klue customers" affected, received extortion demands via a "top secret email" from Icarus, while vendors including Recorded Future and Tanium revealed attackers accessed their CRM data.
- In response, Klue disconnected all integrations with Salesforce, HubSpot, and Google Drive while engaging CrowdStrike to assist with the investigation and security response.
- While the attack "resembles the 2025 and 2026 third-party OAuth abuse campaigns against Salesforce," researchers have not linked Icarus to ShinyHunters, though the group has been active since April 28.
15 Articles
Security shops among the 'hundreds' of Klue hack victims
The list of Klue customers whose Salesforce data was stolen in the latest supply-chain heist keeps growing, with an increasing number of cybersecurity companies disclosing that they are among the victims of a new data-theft and extortion crew called Icarus. Klue, which provides market intelligence to more than 250,000 companies worldwide, hasn’t said how many of its customers were caught up in the breach and didn’t immediately respond to The Reg…
LastPass Customer Data Exposed in Klue Supply Chain Attack
LastPass has disclosed a supply chain security incident involving its third-party vendor, Klue, that resulted in unauthorized access to customer data within its Salesforce environment. The company confirmed that the breach did not affect its core infrastructure or password vaults. However, it highlights ongoing risks associated with SaaS integrations and OAuth token exposure. The incident was identified on June 12, when LastPass was notified of …
Klue Breach Exposes Salesforce Data at Cybersecurity Firms
A supply chain attack against competitive intelligence platform Klue has led to the exposure of Salesforce data belonging to multiple organizations, including several well-known cybersecurity companies. The incident highlights how a single compromised integration credential can create a cascading security event across numerous interconnected cloud environments. “Our investigation determined that an attacker gained access through a compromised l…
Klue Breach Exposes Cybersecurity Firms to Supply Chain Risk
Klue, which provides competitive intelligence services, has been implicated in a supply chain compromise as an example of how trusted third-party integrations can lead to high-impact attacks on enterprise systems. As a consequence of the incident, which occurred on June 11, unauthorized access to Klue’s backend infrastructure allowed threat actors to deploy malicious code designed to harvest authentication tokens related to customer integrations…
Coverage Details
Bias Distribution
- 100% of the sources are Center