Klue, a market intelligence platform, has confirmed a security breach in which threat actors, identified as the 'Icarus' group, stole OAuth tokens used to access customer Salesforce environments. The incident, detailed by cybersecurity firms Huntress and ReliaQuest, involved the exploitation of Klue's compromised Battlecards integrations and led to unauthorized access to Salesforce CRM data from various organizations. Klue's CEO Jason Smith announced the discovery of the breach on June 12. The Icarus group has since made demands to Klue, threatening to affect its associated companies if the demands are not addressed promptly.
Icarus hack steals OAuth tokens, leaks Klue Salesforce data
CyberSIXT Evidence Panel
Primary Source: huntress.com
Threat Actor: Icarus
Article by CyberSIXT
Timeline Coverage
- Icarus hack steals OAuth tokens, leaks Klue Salesforce data (databreaches.net)
- Klue supply chain breach leaks OAuth tokens via Salesforce API (securityweek.com)
- Salesforce disables Klue app after OAuth token leak (thehackernews.com)