Klue OAuth breach victim list grows as Icarus hackers claim attack

Klue disclosed unauthorized activity on June 12 where a compromised legacy integration credential allowed attackers to generate OAuth tokens and access multiple customers' Salesforce environments; the Icarus extortion group has claimed responsibility and several victim companies reported theft of business contacts, sales communications, pricing and other CRM data. Klue revoked tokens, disabled impacted integrations, removed unauthorized code, notified law enforcement, and engaged CrowdStrike while victims were warned about follow-on phishing and extortion risks.