{"id":275987,"date":"2026-06-19T05:03:00","date_gmt":"2026-06-19T09:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/19\/salesforce-disables-klue-app-integration-after-oauth-token-abuse-exposes-customer-data\/"},"modified":"2026-06-19T09:20:11","modified_gmt":"2026-06-19T13:20:11","slug":"salesforce-disables-klue-app-integration-after-oauth-token-abuse-exposes-customer-data","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/19\/salesforce-disables-klue-app-integration-after-oauth-token-abuse-exposes-customer-data\/","title":{"rendered":"Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/salesforce-disables-klue-app.html\">Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/salesforce-disables-klue-app.html\">https:\/\/thehackernews.com\/2026\/06\/salesforce-disables-klue-app.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-19 05:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026.<\/p>\n<p>To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert published this week.<\/p>\n<p>&#8220;Salesforce took this action because our security teams recently detected unusual activity involving the app that may have resulted in unauthorized access to a subset of customer data via the app&#8217;s connection to Salesforce,&#8221; it noted. &#8220;This issue is limited to Klue&#8217;s app connection and does not arise from a vulnerability within the Salesforce platform.&#8221;<\/p>\n<p>The development comes as an extortion group dubbed Icarus compromised and exfiltrated data from customers of Klue, including cybersecurity company Huntress.<\/p>\n<p>&#8220;The data that was copied from our Salesforce account includes business contacts, price quotes, and other sales-related data and messaging,&#8221; Huntress said. &#8220;No threat data, passwords, payment card information, or engineering data relating to the Huntress agent or telemetry we collect was affected.&#8221;<\/p>\n<p>In its own update, Klue said it detected unauthorized activity affecting a portion of Klue&#8217;s integration infrastructure on June 12, 2026, adding the attackers gained access through a compromised legacy credential associated with an integration service.<\/p>\n<p>&#8220;The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments,&#8221; Klue CEO Jason Smith said. &#8220;Based on our investigation to date, the incident was limited to the affected third-party platforms, and there is no evidence that customer content stored within the Klue platform was impacted.&#8221;<\/p>\n<p>Specifically, the intrusion is said to have allowed the threat actor to push a code update capable of&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/salesforce-disables-klue-app.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data https:\/\/thehackernews.com\/2026\/06\/salesforce-disables-klue-app.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":275988,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgI7q_DYP5ExkNSDd8Y10rOfYtTIs6sNXxdE6X55nsvKVllZZ14U9mqUY23nzGGPhXx515NVPMI5Btp4MM5qUx0V1lKDvURtKBICbblPPYuN1VSCN12-J0RmpBKCSM0veZc_9hNt1TnD9PdkNTQi8x337E9cPmLn7uyHOPw0_HshcbxKqVnmgOAjJHOOw6g\/s1600\/salesforce.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,34,27],"class_list":["post-275987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275987"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=275987"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275987\/revisions"}],"predecessor-version":[{"id":275990,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275987\/revisions\/275990"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/275988"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=275987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=275987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=275987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}