logo

Scope of Salesforce Attacks Expands as Icarus Leaks Data

ID: 7fe07e11-bdc8-5f2b-82d9-d0cf3262c98e

STIX ID: report--7fe07e11-bdc8-5f2b-82d9-d0cf3262c98e

Feed Name: Dark Reading

Threat Score
70/100

Date Published: 2026-06-23

Date Updated: 2026-06-24

Author: Rob Wright

...
...

The report details a wave of Salesforce data thefts stemming from a Klue integration compromise attributed to the extortion group Icarus. Multiple tech and security firms (including Huntress, LastPass, HackerOne, Recorded Future, Jamf, Snyk, Tanium, and others) reported exposed CRM records and some Gong integration user data; Icarus posted victims' data on a dark web leak site and set extortion deadlines. Affected organizations revoked Klue access, rotated API tokens, and warned of social‑engineering risks and potential exposure of secrets in Salesforce instances.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.