logo

Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens

ID: 1c0a4ea6-1255-5789-9ab5-6f54ad995d07

STIX ID: report--1c0a4ea6-1255-5789-9ab5-6f54ad995d07

Feed Name: Infosecurity Magazine (News)

Threat Score
75/100

Date Published: 2026-06-22

Date Updated: 2026-06-22

...
...

Klue detected an intrusion on June 12 in which a compromised legacy credential allowed attackers to access the Klue Battlecards integration, steal OAuth tokens, and impersonate Klue to access and exfiltrate customer data from connected Salesforce instances; several cybersecurity firms and other customers were affected, Klue revoked tokens, removed malicious code, engaged CrowdStrike for forensics, and the extortion group Icarus claimed the breach.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.