Icarus Hackers Breach Klue and Steal Salesforce OAuth Tokens

Photo: BleepingComputer

Quick answer

Hackers from the Icarus group breached Klue and stole OAuth tokens that provide access to clients' Salesforce environments.

Business analytics platform Klue has officially confirmed a cyber breach in which attackers stole OAuth tokens used to connect to clients' Salesforce accounts. The incident gained attention after the previously unknown hacker group Icarus claimed responsibility for the attack and demanded a ransom.

According to the company, the attack targeted vulnerabilities in the authentication system, allowing hackers to access critical data. The OAuth tokens, which were the target of the attackers, enable Klue’s integration with corporate Salesforce environments, posing risks to client data security.

Klue is currently collaborating with cybersecurity experts to investigate the incident and minimize its impact. The company has notified affected clients and recommended additional protective measures, including token rotation and enhanced access controls.

Experts note that the attack on Klue demonstrates the growing threat to corporate platforms using OAuth for cloud service integrations. Such incidents underscore the need for stronger security measures, especially amid the rise of cybercrime.

Common questions

What are OAuth tokens and why is their theft dangerous?
OAuth tokens are used for secure access to third-party services without sharing passwords. Their theft allows attackers to gain unauthorized access to corporate data, systems, and applications, potentially leading to leaks of sensitive information.

Who are the Icarus hackers?
Icarus is a new hacker group specializing in cyber extortion. They claimed responsibility for the attack on Klue, though details about their methods and scale of operations remain unclear.

How can companies protect themselves from such attacks?
Companies should implement multi-factor authentication, regularly update access tokens, monitor suspicious activity in systems, and conduct security audits of integrations with third-party services.

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: BleepingComputer