Cybercrime Breaches Klue: Salesforce Data Impacted for Many Victims, including Huntress
ID: a6a894c4-ff48-5714-87b8-1e90a9d9b5fe
STIX ID: report--a6a894c4-ff48-5714-87b8-1e90a9d9b5fe
Feed Name: Huntress Blog
A supply-chain compromise of Klue in mid-June 2026 resulted in malicious code deployed to Klue backend systems that harvested OAuth tokens, enabling the Icarus extortion group to query and exfiltrate Salesforce- and Gong-related CRM data from multiple Klue customers (including Huntress). Icarus has publicly listed victims and posted sample data on leak sites while demanding contact via Session; Huntress confirmed impacted data is limited to sales and contact records (no telemetry, agent code, passwords, or payment card data) and published recommended mitigations (revoke sessions, review logs, request vendor logs, monitor for phishing).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
