{"id":279648,"date":"2026-06-23T12:12:00","date_gmt":"2026-06-23T16:12:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/23\/klue-investigating-supply-chain-attack-that-targeted-salesforce-integrations\/"},"modified":"2026-06-23T12:15:09","modified_gmt":"2026-06-23T16:15:09","slug":"klue-investigating-supply-chain-attack-that-targeted-salesforce-integrations","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/23\/klue-investigating-supply-chain-attack-that-targeted-salesforce-integrations\/","title":{"rendered":"Klue investigating supply chain attack that targeted Salesforce integrations"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/\">Klue investigating supply chain attack that targeted Salesforce integrations<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/\">https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-23 12:12:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p><span><span><span><span><span><span>Klue, a provider of a market intelligence platform, is <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>investigating a supply chain attack<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> that led to the mass exfiltration of Salesforce customer relationship management data belonging to hundreds of customers, including several prominent cybersecurity firms.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>A threat actor used a compromised Klue Battlecards app to gain access to OAuth tokens for connecting Klue with third-party integrations, including Salesforce, according to information from Klue and security researchers at Reliaquest, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>which warned about the attack<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> in a recent blog post.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Salesforce, which <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>disabled connections through the Klue Battlecards app<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> until further notice, said there is no indication of a vulnerability within its own platform.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>A threat actor tracked as Icarus posted stolen data from several victims on its website, according to a <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>Monday blog post from Huntress.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> Itself a victim of the attack, Huntress said none of its internal systems were impacted.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The threat group has begun reaching out to companies whose customer data was compromised in the attack, said Charles Carmakal, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>CTO at Mandiant Consulting<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3 class=\"standard-heading\"><span><span><span><span><span><span>Security firms impacted<\/span><\/span><\/span><\/span><\/span><\/span><\/h3>\n<p><span><span><span><span><span><span>Several other security companies, including LastPass, Recorded Future and Tanium, confirmed that hackers accessed certain customer data and said they have since revoked their integrations with the Klue app.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>LastPass, a firm that provides a password management app for consumer and enterprise users, said <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>attackers gained access to standard CRM data<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, including names, emails, physical addresses, phone numbers and support-case data and sales-related information.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>There is no evidence the attack affected LastPass products, services or infrastructure. Klue OAuth tokens have since been rotated.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Tanium confirmed that business contact information, including names, business addresses, job titles, email addresses and social media handles might have been stolen. <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>In a blog post,<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> Tanium said its own products&#8230;<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Klue investigating supply chain attack that targeted Salesforce integrations https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/ Publish Date: 2026-06-23 12:12:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":279650,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/tJcQND7y1Rub4sehryhr-z_s9Swzf3gMNfyNZxasokU\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy04MDgxNTc4MzIuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[57,34,27],"class_list":["post-279648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-security","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279648"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=279648"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279648\/revisions"}],"predecessor-version":[{"id":279652,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/279648\/revisions\/279652"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/279650"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=279648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=279648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=279648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}