Signal
Klue OAuth token theft leads to Salesforce data breach affecting cybersecurity firms
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-06-18 21:56 UTCUpdated 2026-06-19 22:31 UTC
rss
cveexploitsbreachesmalwarethreat_actorsadvisories
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Klue, a marketing intelligence platform, confirmed a security breach involving a compromised legacy credential that allowed attackers to steal OAuth tokens. These tokens were used to access and exfiltrate data from customers' Salesforce and Gong instances.
Entities
KlueSalesforceHuntressRecorded FutureGong
Score total
1.52
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
- Attack and response occurred in June 2026, with ongoing impact on affected customers
- Icarus extortion group publicly claims responsibility, raising threat actor profile
- Salesforce's disabling of Klue app integration affects many organizations relying on this integration
Why it matters
- Highlights risks of compromised credentials in third-party integrations
- Demonstrates potential impact on cybersecurity firms from supply chain attacks
- Shows importance of rapid incident response by cloud service providers
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
- Klue confirmed attackers used a compromised legacy credential to steal OAuth tokens and access customer Salesforce data
- Salesforce disabled the Klue app integration following the OAuth token abuse to protect customers
- Cybersecurity firms such as Huntress and Recorded Future were impacted by the Klue supply chain attack
How sources frame it
- Klue Official Statement: neutral
- Security Researchers: neutral
- Salesforce Alert: neutral
This briefing consolidates multiple reports on the Klue OAuth token theft incident and its impact on Salesforce customers, including cybersecurity firms, emphasizing the supply chain attack vector and response measures.
All evidence
All evidence
Klue OAuth breach victim list grows as Icarus hackers claim attack
BleepingComputer · bleepingcomputer.com · 2026-06-19 22:31 UTC
Klue Confirms OAuth Token Theft Led to Salesforce Data Heist
BankInfoSecurity · bankinfosecurity.com · 2026-06-19 18:40 UTC
Cybersecurity Firms Impacted by Klue Supply Chain Attack
SecurityWeek · securityweek.com · 2026-06-19 09:19 UTC
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
thehackernews · thehackernews.com · 2026-06-19 09:03 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
- BleepingComputer (1)
- BankInfoSecurity (1)
- SecurityWeek (1)
- thehackernews (1)
Top origin domains (this list)
- bleepingcomputer.com (1)
- bankinfosecurity.com (1)
- securityweek.com (1)
- thehackernews.com (1)