A supply chain attack targeting the market intelligence platform Klue compromised the Salesforce instances of approximately two dozen customers between June 11 and 12. Hackers utilized old credentials to gain access, exfiltrating data including business contacts. The affected organizations include notable names such as BeyondTrust, LastPass, and AlertMedia. Klue's integration with Salesforce was disabled on June 17 and has not been reinstated.
The threat actor, known as Icarus, threatened to leak stolen data unless a ransom was paid. Reports indicate that negotiations may have occurred, resulting in the deletion of some stolen data by Icarus. The attack potentially impacts 195 customers, with the total effects still being assessed.