Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Source Domain: thehackernews.com

In response to a security incident occurring on June 11, Salesforce has disabled the Klue Battlecards app integration due to detected unusual activity potentially leading to unauthorized access to a subset of customer data. This restriction affects various firms that use the app to connect to their Salesforce platforms. On June 12, Klue identified unauthorized access through a compromised legacy credential, resulting in attackers obtaining OAuth tokens to access connected customer environments. The intrusion primarily allowed the extraction of CRM records from Salesforce environments. In the aftermath, multiple firms confirmed being impacted; however, no connections have been made between these latest breaches and previous incidents. Threat actors now increasingly target SaaS supply chains to gain access to numerous enterprise environments simultaneously.

Key Points:
– Salesforce suspended Klue Battlecards app integration following unusual activity potentially leading to unauthorized access.
– Attackers exploited compromised credentials to obtain OAuth tokens, accessing client CRM data through linked Salesforce environments.
– Various firms reported impacts, including business contacts, pricing information, sales messaging, and subscription details.
– Icarus, a recently active group, claimed responsibility for the incident.
– Impacted firms should prepare for potential phishing campaigns utilizing stolen Salesforce data.