CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 22, 2026

Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies

Cybersecurity News Archived Jun 22, 2026 ✓ Full text saved

A sophisticated supply chain attack on market intelligence platform Klue has compromised Salesforce data across at least nine organizations, including several high-profile cybersecurity firms, with the newly emerged Icarus extortion group claiming responsibility and threatening to release stolen data. The attack began on June 11–12, 2026, when threat actors gained unauthorized access to Klue’s integration […] The post Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies appeare

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies By Guru Baran June 22, 2026 A sophisticated supply chain attack on market intelligence platform Klue has compromised Salesforce data across at least nine organizations, including several high-profile cybersecurity firms, with the newly emerged Icarus extortion group claiming responsibility and threatening to release stolen data. The attack began on June 11–12, 2026, when threat actors gained unauthorized access to Klue’s integration infrastructure using a compromised legacy credential tied to an integration service account. Leveraging that foothold, the attackers pushed a malicious code update to harvest OAuth tokens, the authorization keys that allow Klue to connect with customers’ third-party platforms, most critically Salesforce. Klue identified the unauthorized activity on June 12 and notified customers the same day, immediately revoking affected credentials and disabling integrations with Salesforce, HubSpot, SharePoint, Zoom, Gong, Chorus, Clari, Google Drive, and Slack. Salesforce Data Exfiltration at Scale Once inside, attackers abused the Salesforce REST API to exfiltrate large volumes of CRM data, executing nearly 1,000 API queries in just 15 minutes during peak activity, with sustained extraction windows lasting over 6 hours, according to threat intelligence firm ReliaQuest. The stolen data was primarily business contact information, names, email addresses, job titles, phone numbers, business addresses, sales account data, pricing quotes, and sales communications. No core platform data, product telemetry, threat intelligence, passwords, or payment card information was reported compromised by any of the affected organizations. At least nine organizations have publicly disclosed the impact of the breach: HackerOne — Salesforce instance data accessed via the Klue integration Huntress — Business contacts, price quotes, and sales-related data were stolen; Huntress attributed the attack to the Icarus threat actor with high confidence. Jamf — Salesforce CRM data accessed; no impact on products or customer services. OneTrust — Notified customers of Salesforce data exposure. Recorded Future — Client contact names, email addresses, and potential contract information impacted. Snyk, Sprout Social, Insurity, Tanium — All confirmed Salesforce data accessed through the Klue integration. Gong — Internal licensed user data, including names, titles, and emails, accessed; no call recordings or customer transcripts affected. The cybercrime group Icarus publicly claimed the attack on its leak platform, stating it obtained data from multiple Klue partner Salesforce environments. The group issued a ransom demand, threatening to release the stolen data unless Klue complied. Huntress investigators matched indicators from its own compromised environment to Icarus infrastructure, expressing high confidence in the attribution. A ransom note was reportedly sent using an email address linked to an Australian company, potentially compromised as part of the operation. Klue engaged CrowdStrike for incident response and forensic investigation, notified law enforcement, and is conducting a full review of credential management, monitoring capabilities, and deployment processes. CEO Jason Smith acknowledged the incident publicly on June 22, characterizing it as “a deliberate criminal act,” and committed to transparency with customers through direct updates, emails, and 1:1 meetings. All affected companies stressed that the compromise was isolated to the Klue-Salesforce integration layer and did not involve their core platforms or internal infrastructure. The Klue breach underscores the cascading risk of OAuth-based supply chain attacks: a single compromised integration credential can unlock sensitive data across dozens of interconnected enterprise environments simultaneously. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News CISA Warns of Splunk Enterprise Critical Function Vulnerability Actively Exploited in Attacks AutoJack – A Single Web Page Can Hijack Your AI Agent to Execute Malicious Code QNAP Patches Multiple Injection Vulnerabilities Leads to Arbitrary Command Execution pgAdmin 4 Released With Fixes for Seven Security Vulnerabilities and New Features Microsoft Teams Introduces Office Attendance Tracking via Wi-Fi Connection Latest News Cyber Security News Hackers Use RemotePC RMM and PowerShell Stagers to Deploy Prinz Eugen Ransomware Cyber Security 29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview Cyber Security News Microsoft’s New Option Allows Organizations to Block Copilot Access to Office Files Cyber Security News Microsoft has urged IT Admins to Prepare for Windows 11, Version 26H2 Update Cyber Security News New Malware Attack Via WhatsApp Attacking Windows System to Enable Remote Access For Attackers
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 22, 2026
    Archived
    Jun 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗