ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cloud

Klue confirms OAuth token theft from Salesforce integrations tied to Icarus

Source headline: Klue OAuth breach victim list grows as Icarus hackers claim attack

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 1 hour ago

Intelligence Summary

Klue has confirmed that an incident exposed OAuth tokens used to connect customers to their Salesforce environments. Threat actors used the stolen tokens to gain unauthorized access to connected resources. The extortion group “Icarus” publicly claimed responsibility for the incident. Klue’s disclosures indicate the victim list continues to grow. Organizations that integrate Salesforce via Klue should review token access, rotate credentials, and check for suspicious authentication activity.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#incident-response #extortion #oauth #salesforce #klue #token-theft
Original reporting BleepingComputer Klue OAuth breach victim list grows as Icarus hackers claim attack
Open original source

Related Pulse Signals

View all signals
High · Cloud Klue supply-chain breach exposed Salesforce data from security firms High · Cloud Salesforce blocks Klue Battlecards integration after OAuth token misuse High · Cloud Klue OAuth breach exposes Salesforce CRM data in Icarus extortion Medium · Cloud Microsoft 365 backup has coverage gaps—data recovery needs more planning