Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data
ID: 00d63558-21ac-52c4-a028-2e98f4ba18f7
STIX ID: report--00d63558-21ac-52c4-a028-2e98f4ba18f7
Feed Name: HackRead
A supply-chain compromise of the Klue Battlecards Salesforce integration allowed attackers to exploit an active test credential, harvest OAuth tokens, and exfiltrate customer business data from multiple organizations; the extortion group Icarus claimed responsibility and Salesforce disabled the integration on 17 June 2026. Affected firms reported theft of contacts, quotes, and sales messages (not passwords or payment details); recommended mitigations include revoking and reissuing OAuth grants and passwords.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
