Roughly two dozen Klue customers confirmed Salesforce instances were compromised in a supply chain attack that used stolen legacy credentials and OAuth tokens to exfiltrate data. The incident has been linked to threat actor Icarus, which targeted Klue and several customers while allegedly affecting 195 Klue customers in total. #Klue #Salesforce #Icarus
Keypoints
- Hackers accessed Klue using compromised legacy credentials.
- OAuth tokens from Klue integrations were used to steal customer data.
- Salesforce disabled the Klue integration on June 17.
- Impacted organizations include AlertMedia, Blackbaud, Camunda, Cresta, Deel, Lucanet, Link11, and Tines.
- Icarus claimed the attack and threatened to leak stolen business contact and support data.
Read More: https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/