logo

Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data

ID: 00d63558-21ac-52c4-a028-2e98f4ba18f7

STIX ID: report--00d63558-21ac-52c4-a028-2e98f4ba18f7

Feed Name: HackRead

Threat Score
75/100

Date Published: 2026-06-22

Date Updated: 2026-06-22

Author: Deeba Ahmed

...
...

A supply-chain compromise of the Klue Battlecards Salesforce integration allowed attackers to exploit an active test credential, harvest OAuth tokens, and exfiltrate customer business data from multiple organizations; the extortion group Icarus claimed responsibility and Salesforce disabled the integration on 17 June 2026. Affected firms reported theft of contacts, quotes, and sales messages (not passwords or payment details); recommended mitigations include revoking and reissuing OAuth grants and passwords.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.