The market research provider Klue has been hacked, resulting in a breach of customer data that has left several companies affected by the incident scrambling to mitigate the fallout. The attackers, who claimed to be part of the cybercrime group Icarus, stole OAuth tokens used by Klue customers to connect to Salesforce and other platforms, allowing them to access data across multiple customer environments.
The breach was detected on June 12, when Klue's systems were compromised through a legacy credential associated with an integration service that had been created in 2022. The attackers then used this access to obtain OAuth tokens and subsequently accessed data within connected customer environments. Several companies, including cybersecurity vendors Huntress and Recorded Future, have confirmed that their Salesforce accounts were affected by the breach.
What Happened
The intrusion began on June 12, when a legacy credential tied to an integration service created in 2022 was used to compromise Klue's systems. From that foothold the attackers obtained OAuth tokens and used them to access data in connected customer environments. Huntress and Recorded Future are among the companies that have confirmed their Salesforce accounts were affected.
Klue has since taken steps to contain the activity, revoking affected credentials and tokens, disabling impacted integrations, notifying law enforcement, and removing unauthorized code from its systems. The company is also conducting a thorough review of its security and deployment practices to prevent similar incidents in the future.
Background and Context
Klue provides business intelligence software that helps salespeople at other tech firms gather information on competitors and win deals. The platform integrates with third-party services, including Salesforce, so that customers can pull data across multiple environments. The same integrations also widen the blast radius of a compromise: whoever holds the OAuth tokens that link the platforms inherits the access those tokens grant.
OAuth tokens are a common mechanism for letting a user grant an application limited, scoped access to an account without sharing a password. The token itself is the credential, however, so anyone who obtains it gets the same access until it expires or is revoked. In this case, the attackers used the stolen OAuth tokens to reach Salesforce accounts and obtain sensitive information.
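The two points above, that a stolen token carries the access it was granted and that a legacy integration credential can sit unrotated for years, suggest the kind of audit a defender runs after an incident like this one, matching the containment steps described earlier (revoking affected credentials and tokens, disabling impacted integrations). The following is an added example, not code from Klue, Salesforce or any affected company: it takes an inventory of OAuth grants and integration credentials, flags the ones that are held by a known-compromised integration, idle, broadly scoped or never rotated, and turns the findings into a revocation plan. The `Grant` record, the policy thresholds, the scope names (modelled on Salesforce's `full`, `api` and `refresh_token`) and the sample grants are all constructed for illustration; a real audit would fill the same fields from the identity provider's or SaaS platform's admin API.

```python
"""Audit OAuth grants and integration credentials for revocation candidates.

Added example, not code from Klue, Salesforce or any affected company.
The Grant record, the policy thresholds and the sample grants are
constructed for illustration; a real audit would populate the same
fields from the identity provider's or SaaS platform's admin API.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Grant:
    grant_id: str
    app: str                      # integration that holds the credential
    kind: str                     # "oauth_token" or "service_credential"
    scopes: tuple                 # scope names granted to the integration
    issued: datetime
    last_used: Optional[datetime]
    rotated: Optional[datetime] = None   # last secret rotation (service creds)


# Policy thresholds: assumed values, not from the article.
MAX_IDLE = timedelta(days=90)             # unused grants past this are revoked
MAX_CREDENTIAL_AGE = timedelta(days=365)  # service secrets must rotate yearly
# Scope names modelled on Salesforce's "full", "api" and "refresh_token";
# which scopes count as "broad" is a policy choice assumed here.
BROAD_SCOPES = frozenset({"full", "api", "refresh_token"})


def audit(grants, now, compromised_apps=frozenset()):
    """Return {grant_id: [reasons]} for every grant that needs action."""
    findings = {}
    for g in grants:
        reasons = []
        if g.app in compromised_apps:
            reasons.append("held by a compromised integration")
        if g.last_used is None or now - g.last_used > MAX_IDLE:
            reasons.append("idle beyond policy")
        if g.kind == "service_credential":
            # A credential that was never rotated is as old as its issue date.
            if now - (g.rotated or g.issued) > MAX_CREDENTIAL_AGE:
                reasons.append("legacy credential not rotated within policy")
        broad = BROAD_SCOPES & set(g.scopes)
        if broad:
            reasons.append("broad scope: " + ",".join(sorted(broad)))
        if reasons:
            findings[g.grant_id] = reasons
    return findings


def revocation_plan(findings):
    """Sort findings into actions: revoke now, revoke as idle, or review scope."""
    plan = {"revoke_now": [], "revoke_idle": [], "review": []}
    for grant_id, reasons in sorted(findings.items()):
        if any(r.startswith(("held by a compromised", "legacy credential")) for r in reasons):
            plan["revoke_now"].append(grant_id)
        elif "idle beyond policy" in reasons:
            plan["revoke_idle"].append(grant_id)
        else:
            plan["review"].append(grant_id)
    return plan


UTC = timezone.utc
NOW = datetime(2024, 6, 12, tzinfo=UTC)   # constructed reference date

# Constructed sample: one legacy service credential issued in 2022 and never
# rotated, a broadly scoped token from the same integration, a narrow
# reporting token, and a token nobody has used for months.
SAMPLE = [
    Grant("g-1", "crm-sync", "service_credential", ("api",),
          issued=datetime(2022, 3, 1, tzinfo=UTC), last_used=datetime(2024, 6, 10, tzinfo=UTC)),
    Grant("g-2", "crm-sync", "oauth_token", ("api", "refresh_token"),
          issued=datetime(2024, 5, 1, tzinfo=UTC), last_used=datetime(2024, 6, 11, tzinfo=UTC)),
    Grant("g-3", "reporting", "oauth_token", ("read_reports",),
          issued=datetime(2024, 1, 15, tzinfo=UTC), last_used=datetime(2024, 6, 1, tzinfo=UTC)),
    Grant("g-4", "old-bi-tool", "oauth_token", ("api",),
          issued=datetime(2023, 2, 1, tzinfo=UTC), last_used=datetime(2023, 9, 1, tzinfo=UTC)),
]

if __name__ == "__main__":
    # Incident mode: the "crm-sync" integration is known to be compromised.
    findings = audit(SAMPLE, NOW, compromised_apps={"crm-sync"})
    for grant_id, reasons in findings.items():
        print(grant_id, "->", "; ".join(reasons))
    print(revocation_plan(findings))
```

Run without `compromised_apps` the same audit serves as a routine hygiene check: the 2022 service credential is still flagged for immediate revocation because it was never rotated, the idle token is revoked on its own, and the broadly scoped but active token lands in the review bucket rather than being cut off during business hours. Recent use is deliberately not treated as a sign of legitimacy, since a stolen token that is being used is exactly the one to revoke first.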
Why It Matters to the Industry
The Klue breach highlights the importance of robust security measures in software development, particularly when integrating with third-party platforms. Legacy credentials that are never retired and OAuth tokens that are not inventoried, scoped and revoked with care become standing access for an attacker who obtains them. The incident is a reminder for companies to review their security practices regularly and to make sure they are taking adequate steps to protect customer data.
Furthermore, the breach demonstrates the potential consequences of a cyberattack on a market research provider like Klue. The company's customers rely on its platform to gather information on competitors and win deals, making it essential for Klue to maintain robust security measures to prevent similar incidents in the future.
What Comes Next
Klue has taken steps to contain the activity and is conducting a thorough review of its security and deployment practices. The company has also notified law enforcement and is working with cybersecurity firms to investigate the incident further. In addition, several companies affected by the breach are taking measures to mitigate the fallout, including revoking OAuth tokens and disabling impacted integrations.
For the wider industry the lesson is the same: review integration credentials and token grants on a regular schedule, and treat third-party connections as part of the attack surface rather than as trusted plumbing.
Key Facts
- Klue was hacked on June 12, resulting in a breach of customer data.
- The attackers stole OAuth tokens used by Klue customers to connect to Salesforce and other platforms.
- Several companies, including Huntress and Recorded Future, confirmed that their Salesforce accounts were affected by the breach.
- Klue has taken steps to contain the activity, revoking affected credentials and tokens, disabling impacted integrations, notifying law enforcement, and removing unauthorized code from its systems.
- The company is conducting a thorough review of its security and deployment practices to prevent similar incidents in the future.