Threat Analysis

Klue OAuth Breach Exposes Salesforce Data at 11 Security Firms

written by: Amogh Shetty

An extortion group called Icarus used a forgotten prototype service account at competitive intelligence platform Klue to push token-harvesting code into Klue's integration infrastructure on June 11, steal OAuth tokens from active customer connections, and drain Salesforce CRM data from at least 11 named organizations. The confirmed victims include Huntress, Recorded Future, LastPass, Tanium, Jamf, Sprout Social, Gong, Insurity, HackerOne, Snyk, and OneTrust. Salesforce disabled the Klue Battlecards integration platform-wide on June 17; Klue CEO Jason Smith issued a public statement on June 19 — eight days after the initial intrusion. Icarus launched extortion emails on June 16 with a 48-hour ultimatum to contact them via Session Messenger, then began posting stolen data on June 22. None of the affected organizations lost customer passwords, payment data, or product infrastructure — but every one of them lost the sales contact lists, pricing communications, and competitive intelligence that make their customer bases targetable in the months ahead. The decision point for every CISO whose organization runs third-party SaaS integrations is whether their program maintains a live inventory of OAuth grants and integration service accounts, including ones tied to projects that never launched.

One Abandoned Credential, Eleven Breached Organizations

The entry point was a legacy service account credential Klue created for a third-party integration prototype that was never deployed and never decommissioned. Icarus obtained that credential, connected to Klue's backend infrastructure, and pushed a malicious code update designed to harvest OAuth tokens as Klue's platform authenticated to customer services. That code ran from June 11.

Klue detected the unauthorized activity on June 12, immediately revoked OAuth credentials, and suspended integrations with Salesforce, HubSpot, SharePoint, Zoom, Gong, Chorus, Clari, Google Drive, and Slack. The tokens had already been taken. Klue removed the malicious code on June 13, but Icarus already held valid OAuth access to an unknown number of customer environments.

Icarus then used automated Python scripts to issue REST API queries against those customer Salesforce instances. Threat intelligence firm ReliaQuest (vendor-sourced) observed attackers executing nearly 1,000 API queries in a 15-minute window at peak activity and sustaining extraction for over six hours. No vulnerability in Salesforce was exploited. The tokens presented as legitimate authorized access — because they were.

Extortion emails with the subject line "top secret email" reached confirmed victims on June 16, routed through infrastructure belonging to Global Retail Brands, an Australian appliance retailer whose mail servers Icarus had separately compromised for the purpose. Icarus publicly posted Klue and its customers to their dark web leak site on June 19 and began publishing stolen datasets on June 22.

Technology and Cybersecurity: Eleven Named Organizations Confirmed

Organization     | Sector                        | Confirmed Exposure
-----------------|-------------------------------|-----------------------------------------------
Huntress         | Cybersecurity                 | Contacts, pricing, sales communications
Recorded Future  | Threat Intelligence           | Client contacts, contract data
LastPass         | Identity / Password Management| Customer names, emails, support records
Tanium           | Endpoint Management           | Salesforce CRM data
Jamf             | Apple Device Management       | Salesforce CRM data
Sprout Social    | Marketing Technology          | Salesforce CRM data
Gong             | Revenue Intelligence          | CRM data + internal user data (names, titles, emails)
Insurity         | Insurance Software            | Salesforce CRM data
HackerOne        | Bug Bounty Platform           | Salesforce CRM data
Snyk             | Developer Security            | Salesforce CRM data
OneTrust         | Privacy / Compliance          | Salesforce CRM data

The distinction between what was taken and what was not does not reduce the forward risk. Business contact information, pricing structures, and sales communications from cybersecurity vendors sit directly upstream of targeted social engineering against their customer bases. For HackerOne and Snyk, whose customers include security researchers and development teams handling vulnerability data and code secrets, the stolen contact inventory creates a specific and high-value targeting surface for follow-on campaigns.

$4.91 Million Average. That Is Before the Downstream Exposure.

IBM Security's 2025 Cost of a Data Breach Report (vendor-sourced) puts the average remediation cost of a third-party-originated breach at $4.91 million, and attributes third-party involvement to 30% of all breaches in the dataset. Neither figure captures the secondary exposure this specific attack pattern generates.

Gong issued a separate disclosure confirming that internal licensed user data — usernames, business titles, and email addresses — was accessed for a subset of customers using the Klue integration. Gong is deployed broadly across enterprise sales organizations to record and analyze customer conversations. Its user data maps organizational hierarchies and account relationships across client companies, which is operationally useful for social engineering at scale.

No affected organization has disclosed a ransom figure. The full cost across 11 organizations — incident response, regulatory notification obligations, and the follow-on campaigns the stolen data will eventually fuel — will not be calculable for months.

MFA Did Not Stop This — Because the Token Was the Authentication

Most enterprise identity programs are built on a core model: authenticate the human, enforce MFA, and you control access. That model did not apply here. Icarus never phished a human user. No MFA prompt was triggered. No conditional access policy fired. The OAuth token carried pre-authorized, persistent access to customer Salesforce environments, granted to Klue and never reviewed.

The specific assumption this breach invalidated is not that MFA is insufficient. It is that integration service accounts created for prototype or discontinued projects are deprovisioned when the project ends. In most programs, they are not. When Klue prototyped an integration, created a service account, and abandoned the project, that credential remained live and unwatched. Icarus authenticated with valid credentials to infrastructure that had no owner, no expiration date, and no one checking the logs. This attack class has a documented precedent: UNC6395, assessed by Google as a Chinese threat actor, used the identical OAuth token abuse method against the Salesloft Drift integration in August 2025, reaching more than 700 organizations including Cloudflare, Cisco, and Qantas (Grip Security research, 2025). The Klue playbook was not original; it was proven.

Five Program Actions Specific to This Attack

  1. Audit every OAuth grant in Salesforce, Microsoft 365, Slack, and Google Workspace and revoke any grant tied to a vendor not in active production use — Icarus used tokens that remained valid after Klue suspended the integration; the same pattern almost certainly exists in your environment for vendors you evaluated, tested, and moved on from without formal revocation.

  2. Apply privileged identity lifecycle governance to integration service accounts — require creation approval, assign an owner, set a 90-day review cadence, and define a formal deprovisioning trigger when a project is cancelled or paused; the Klue entry credential was a prototype account with no owner, no expiration, and no review history.

  3. Instrument CRM and SaaS API logs for query volume anomalies from non-human accounts — a threshold of 100+ API calls in a 15-minute window from an integration service account is detectable and was not triggered in any of the confirmed Klue victim environments during the June 11–12 extraction window.

  4. Map your fourth-party exposure before your next vendor review cycle — for each SaaS vendor in your stack, identify what downstream services that vendor has authorized to access your data on its behalf; the 11 affected organizations had granted Klue access to Salesforce but had no visibility into what had been authorized to access Klue's integration layer on their behalf.

  5. Revise your vendor breach notification SLA to define your own customer disclosure timeline independently of your upstream vendor's statement — Klue revoked tokens on June 12 but did not issue a public statement until June 19; several affected firms learned of their exposure through Icarus extortion emails before Klue notified them, and that seven-day gap is a disclosure posture your own customers will hold you to.
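A sliding-window check for the query-volume threshold in action 3 (more than 100 API calls from an integration account inside 15 minutes, the pace ReliaQuest observed during the extraction), written as an added example for this briefing rather than code from Klue, Salesforce or any vendor named here. The comma-separated log layout, the account names and the sample lines are constructed assumptions, not a real Salesforce event export.

```python
"""Sliding-window API burst detector for CRM/SaaS API logs.

Added example, not code from the briefing or any vendor named in it.
Rule: alert when a non-human (integration) account issues more than
100 API calls inside any 15-minute window. The 'timestamp,user,event'
layout and the account names are constructed assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)
THRESHOLD = 100


def gen_sample_log():
    """Constructed sample: a human user at normal pace plus one
    integration account issuing 120 queries in six minutes."""
    base = datetime(2026, 6, 11, 14, 0, 0)
    lines = []
    for i in range(30):  # human analyst: one query every 4 minutes
        ts = base + timedelta(minutes=4 * i)
        lines.append(f"{ts.isoformat()},alice@example.com,ApiQuery")
    for i in range(120):  # integration account: one query every 3 seconds
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()},klue-integration@example.com,ApiQuery")
    return lines


def detect_bursts(lines, non_human, window=WINDOW, threshold=THRESHOLD):
    """Return {account: (window_start, peak_count)} for every account in
    `non_human` whose call count exceeds `threshold` inside `window`."""
    recent = defaultdict(deque)  # per-account timestamps still in the window
    alerts = {}
    for line in sorted(lines):  # fixed-width ISO timestamps sort chronologically
        ts_str, user, event = line.strip().split(",")
        if user not in non_human or event != "ApiQuery":
            continue
        ts = datetime.fromisoformat(ts_str)
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop calls that fell out of the window
            q.popleft()
        if len(q) > threshold:
            prev = alerts.get(user)
            if prev is None or len(q) > prev[1]:
                alerts[user] = (q[0].isoformat(), len(q))
    return alerts
```

The `non_human` set is the inventory from actions 1 and 2; human users are deliberately excluded so the rule stays tuned to integration accounts rather than analyst activity.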

The Brief

Bajaj Auto Ransomware Confirmed June 23, OT Exposure Status Unknown: India's third-largest two-wheeler manufacturer and its subsidiary Bajaj Auto Technology Ltd confirmed a ransomware attack detected at approximately 8:00 AM IST on June 23, per a regulatory filing, and reported the incident to CERT-In under the Indian IT Act. No threat group, attack vector, or data exfiltration status has been publicly disclosed. The unresolved question for manufacturing-sector CISOs is whether IT and OT environments were sufficiently segmented to prevent lateral movement to production systems — that detail has not been made public.

CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE at CVSS 9.8, Federal Deadline Passed: A critical flaw in Splunk Enterprise versions 10.0.0–10.0.6 and 10.2.0–10.2.3 allows unauthenticated remote code execution through an exposed PostgreSQL sidecar service endpoint with no authentication controls. WatchTowr published proof-of-concept code on June 12; CISA's federal mitigation deadline of June 21 has passed; both Splunk PSIRT and Resecurity confirm active in-the-wild exploitation. Shadowserver tracks more than 1,400 internet-exposed Splunk instances globally. A compromised Splunk deployment does not just lose data — it removes the defender's visibility into everything else running in the environment.

FortiBleed: 430,000 FortiGate Devices, 110 Million Credentials, Campaign Still Running: SOCRadar's Threat Research Unit (vendor-sourced) documented a credential-harvesting campaign targeting 430,000+ FortiGate firewalls globally since February 2026, using a custom Golang tool called FortigateSniffer, with over 110 million credentials harvested including confirmed exfiltration from a NATO-aligned defense contractor. Fortinet's June 19 PSIRT advisory confirmed the campaign does not exploit a new vulnerability but recycles credentials from two prior disclosed incidents: FG-IR-26-060 and FG-IR-25-647. Organizations that have not rotated FortiGate administrative and VPN credentials since those earlier disclosures should treat their perimeter access as actively compromised until they do.

INC Ransom Posts Ten Law Firms in 48 Hours: Ten law firms appeared on the INC Ransom leak site within a 48-hour window as of June 24, per Halcyon research. The clustering pattern across a single short window points to a shared initial access vector — a common managed service provider, shared legal software product, or coordinated campaign using a single entry point. Legal sector security teams should treat this as a shared vector signal worth correlating against their own MSP and vendor exposure, not 10 unrelated incidents.

The three incidents this week share one structural feature: the vulnerability was not in production systems, it was in the governance of assets that were created, authorized, and never formally closed. Groups that observed the Klue campaign execute will apply the same methodology to every competitive intelligence, revenue operations, and marketing automation platform that shares an integration layer with production Salesforce, Slack, and Microsoft 365 environments. The audit that matters most right now is not a vulnerability scan — it is an inventory of everything your vendors have been authorized to access on your behalf and every service account your organization issued in the last three years that is no longer actively monitored but has never been revoked. Most programs do not have that inventory. The organizations that build it this quarter will be in a materially different position when the next Icarus-pattern group runs the same play.


@2025 AGENTCYPHER. All Rights Reserved.