logo

Klue OAuth breach victim list grows as Icarus hackers claim attack

ID: fb082a8c-2bcb-5cc4-9ca7-2f528211a7f7

STIX ID: report--fb082a8c-2bcb-5cc4-9ca7-2f528211a7f7

Feed Name: DataBreaches.Net

Threat Score
70/100

Date Published: 2026-06-21

Date Updated: 2026-06-21

Author: Dissent

...
...

Klue disclosed unauthorized activity on June 12 after attackers abused Klue Battlecards integrations to steal OAuth tokens and exfiltrate Salesforce CRM data from multiple partner organizations; the extortion group Icarus has claimed the attack and posted demands, and security firms Huntress and ReliaQuest published analysis of the compromise.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.