THE cybersecurity firm LastPass has reported that it was affected by a recent hack involving Klue, wherein a threat actor named Icarus used compromised credentials to access the systems of Klue. This breach resulted in unauthorized access to connected Salesforce instances, leading to the bulk exfiltration of business data, though no internal systems were compromised. The information accessed included CRM data like names, phone numbers, and emails. Companies like Gong and 8x8 also confirmed impacts from this breach.
Icarus has listed several organizations whose Salesforce data was stolen. Investigations are ongoing, with affected companies taking steps to mitigate further risks.