Klue OAuth breach exposes Salesforce CRM data in Icarus extortion
Source headline: Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
Intelligence Summary
Klue, a market intelligence platform, suffered an OAuth breach tied to the Icarus threat actors. The stolen OAuth access was used to reach Salesforce CRM data belonging to multiple organizations without authorization. Those organizations are now being drawn into an ongoing extortion campaign that uses the stolen data. The incident shows how quickly a third-party OAuth compromise can turn into CRM data theft. Organizations that integrate Salesforce with third-party platforms should review OAuth app authorizations and access logs. Rapid token revocation and tightened authentication controls can reduce further exposure.
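One way to start the OAuth authorization review described above, as an added example that is not part of the source report: it triages an export of connected-app token records into a revocation list and a shortlist for log review. The column names follow the fields of Salesforce's OauthToken object; the app label "Klue", the records, the Ids and the cutoff date are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample export; columns follow Salesforce OauthToken field names.
# The app label "Klue" and every value below are assumptions for illustration.
SAMPLE_EXPORT = """Id,AppName,UserId,CreatedDate,LastUsedDate,UseCount
0CPx01,Klue,005A,2024-01-10T09:00:00Z,2025-03-02T03:14:00Z,4821
0CPx02,Klue,005B,2024-02-01T12:00:00Z,2024-06-30T08:00:00Z,12
0CPx03,Salesforce CLI,005A,2024-05-05T10:00:00Z,2025-03-01T16:20:00Z,77
0CPx04,klue,005C,2024-07-19T11:30:00Z,,0
"""

def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; empty means the token was never used."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage_tokens(export_text, app_name, window_start):
    """Split one app's tokens into 'revoke' (all of them) and 'investigate'
    (those used on or after window_start, whose API activity needs log review)."""
    revoke, investigate = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Case-insensitive match so differently cased labels are not missed.
        if row["AppName"].strip().casefold() != app_name.casefold():
            continue
        revoke.append(row["Id"])
        last_used = parse_ts(row["LastUsedDate"])
        if last_used is not None and last_used >= window_start:
            investigate.append((row["Id"], row["UserId"], int(row["UseCount"])))
    # Highest use count first: the heaviest API consumers get reviewed first.
    investigate.sort(key=lambda t: t[2], reverse=True)
    return revoke, investigate

if __name__ == "__main__":
    start = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed cutoff
    revoke, investigate = triage_tokens(SAMPLE_EXPORT, "Klue", start)
    print("revoke:", revoke)
    print("investigate:", investigate)
```

Every token issued to the affected app lands on the revocation list, including ones never used; only tokens active inside the exposure window are queued for log review.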
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.