Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
ID: 1c0a4ea6-1255-5789-9ab5-6f54ad995d07
STIX ID: report--1c0a4ea6-1255-5789-9ab5-6f54ad995d07
Feed Name: Infosecurity Magazine (News)
Threat Score
Klue detected an intrusion on June 12 in which a compromised legacy credential allowed attackers to access the Klue Battlecards integration, steal OAuth tokens, and impersonate Klue to access and exfiltrate customer data from connected Salesforce instances; several cybersecurity firms and other customers were affected, Klue revoked tokens, removed malicious code, engaged CrowdStrike for forensics, and the extortion group Icarus claimed the breach.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
