Klue Breach Exposes Cybersecurity Firms to Supply Chain Risk

Klue Breach Exposes Cybersecurity Firms to Supply Chain Risk

Klue, which provides competitive intelligence services, has been implicated in a supply chain compromise as an example of how trusted third-party integrations can lead to high-impact attacks on enterprise systems. As a consequence of the incident, which occurred on June 11, unauthorized access to Klue’s backend infrastructure allowed threat actors to deploy malicious code designed to harvest authentication tokens related to customer integrations…

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the company to revoke customer OAuth tokens and disable affected integrations. “An attacker gained access through a compromised legacy credential associated with an integration service,” Klue CEO Jason Smith said in a posting to the compan…

Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data

Icarus extortion group used a legacy Klue Battlecards credential to bypass security and steal bulk Salesforce records from affected companies.

Klue breach lets attackers steal Salesforce CRM data

Trusted third-party access has let attackers quietly pull large volumes of Salesforce records from enterprise systems via a Klue integration.