{"id":235890,"date":"2026-06-23T12:12:00","date_gmt":"2026-06-23T16:12:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/23\/klue-investigating-supply-chain-attack-that-targeted-salesforce-integrations\/"},"modified":"2026-06-23T12:15:09","modified_gmt":"2026-06-23T16:15:09","slug":"klue-investigating-supply-chain-attack-that-targeted-salesforce-integrations","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/23\/klue-investigating-supply-chain-attack-that-targeted-salesforce-integrations\/","title":{"rendered":"Klue investigating supply chain attack that targeted Salesforce integrations"},"content":{"rendered":"

Klue investigating supply chain attack that targeted Salesforce integrations<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/<\/a><\/p>\n

Publish Date: 2026-06-23 12:12:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Klue, a provider of a market intelligence platform, is investigating a supply chain attack that led to the mass exfiltration of Salesforce customer relationship management data belonging to hundreds of customers, including several prominent cybersecurity firms.\u00a0
\nA threat actor used a compromised Klue Battlecards app to gain access to OAuth tokens for connecting Klue with third-party integrations, including Salesforce, according to information from Klue and security researchers at Reliaquest, which warned about the attack in a recent blog post.\u00a0
\nSalesforce, which disabled connections through the Klue Battlecards app until further notice, said there is no indication of a vulnerability within its own platform.\u00a0<\/p>\n

A threat actor tracked as Icarus posted stolen data from several victims on its website, according to a Monday blog post from Huntress. Itself a victim of the attack, Huntress said none of its internal systems were impacted.
\nThe threat group has begun reaching out to companies whose customer data was compromised in the attack, said Charles Carmakal, CTO at Mandiant Consulting.\u00a0
\nSecurity firms impacted
\nSeveral other security companies, including LastPass, Recorded Future and Tanium, confirmed that hackers accessed certain customer data and said they have since revoked their integrations with the Klue app.\u00a0
\nLastPass, a firm that provides a password management app for consumer and enterprise users, said attackers gained access to standard CRM data, including names, emails, physical addresses, phone numbers and support-case data and sales-related information.\u00a0
\nThere is no evidence the attack affected LastPass products, services or infrastructure. Klue OAuth tokens have since been rotated.\u00a0
\nTanium confirmed that business contact information, including names, business addresses, job titles, email addresses and social media handles might have been stolen. In a blog post, Tanium said its own products and cloud infrastructure were unaffected.
\nRecorded Future officials said hackers were able to gain access to client contact names and email addresses stored within its Salesforce database, according to a blog post, and some information regarding business contracts might have been affected. There was no impact to Recorded Future\u2019s core platform or any internal infrastructure.\u00a0<\/p>\n

Klue has retained CrowdStrike and is conducting a thorough review of all of its security controls, credential management, monitoring and deployment processes. There is no indication that customer data stored within the Klue platform was impacted by the attack.\u00a0<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Klue investigating supply chain attack that targeted Salesforce integrations https:\/\/www.cybersecuritydive.com\/news\/klue-investigating-supply-chain-attack-salesforce-integrations\/823532\/ Publish Date: 2026-06-23 12:12:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":235891,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/tJcQND7y1Rub4sehryhr-z_s9Swzf3gMNfyNZxasokU\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy04MDgxNTc4MzIuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,34,27],"class_list":["post-235890","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235890"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=235890"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235890\/revisions"}],"predecessor-version":[{"id":235892,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235890\/revisions\/235892"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/235891"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=235890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=235890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=235890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}