Icarus threat actors exploit Klue OAuth breach to steal Salesforce data

As reported by Bleeping Computer, market intelligence platform Klue has experienced a significant security breach, allowing the "Icarus" threat actor group to steal sensitive Salesforce CRM data from multiple organizations as part of an ongoing extortion campaign.

The attack involved the theft of OAuth credentials from Klue's Battlecards integration, which threat actors then used to access and exfiltrate data from customer Salesforce instances. Cybersecurity firms ReliaQuest and Huntress confirmed the incident, with Huntress stating that its own Salesforce data was compromised. The attackers used automated scripts to query Salesforce's REST API, systematically identifying and stealing valuable CRM information, including business contacts, sales communications, and account data.

Salesforce has since disabled the Klue Battlecards integration to mitigate further damage while the investigation proceeds. The "Icarus" group, believed to have emerged in April 2026, has begun extorting affected organizations, demanding payment for the stolen data. This incident highlights the risks associated with third-party integrations and the importance of securing OAuth tokens.

Source: Bleeping Computer
