logo

Cybercrime Breaches Klue: Salesforce Data Impacted for Many Victims, including Huntress

ID: a6a894c4-ff48-5714-87b8-1e90a9d9b5fe

STIX ID: report--a6a894c4-ff48-5714-87b8-1e90a9d9b5fe

Feed Name: Huntress Blog

Threat Score
72/100

Date Published: 2026-06-18

Date Updated: 2026-06-25

...
...

A supply-chain compromise of Klue in mid-June 2026 resulted in malicious code deployed to Klue backend systems that harvested OAuth tokens, enabling the Icarus extortion group to query and exfiltrate Salesforce- and Gong-related CRM data from multiple Klue customers (including Huntress). Icarus has publicly listed victims and posted sample data on leak sites while demanding contact via Session; Huntress confirmed impacted data is limited to sales and contact records (no telemetry, agent code, passwords, or payment card data) and published recommended mitigations (revoke sessions, review logs, request vendor logs, monitor for phishing).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.