Salesforce Data Leak Tied to Compromised Klue Battlecards App

THE article from Dark Reading discusses a security breach affecting Salesforce customers through a compromise of the Klue Battlecards app. This marks the third incident involving third-party application integrations with Salesforce leading to unauthorized access to customer data. Klue's integration was suspended following unusual activity detected on June 17, 2026.

Researchers identified that attackers exploited compromised OAuth tokens to exfiltrate data, executing rapid queries against Salesforce instances over a concentrated 24-hour period. The breach appears linked to a new group called Icarus, which threatened disclosure of stolen data to victims, reinforcing concerns about supply chain vulnerabilities in SaaS integrations.

Recommendations for organizations include revoking and reissuing credentials tied to Klue's integration and tightening security measures around API access.