Salesforce Data Leak via Klue’s OAuth Vulnerability

Photo: BleepingComputer
Quick answer
The Icarus cybercrime group is leveraging an OAuth vulnerability in Klue’s platform to steal Salesforce CRM data as part of an extortion campaign.
Klue, a competitive intelligence platform, has fallen victim to a cyberattack in which threat actors exploited a vulnerability in its OAuth integration. The Icarus group, behind this campaign, used that access to obtain Salesforce CRM data from multiple organizations. The incident is part of a larger extortion operation in which the criminals demand a ransom to prevent the release of the stolen data.
The attack began with the exploitation of a flaw in the OAuth integration; OAuth is the authorization mechanism that lets third-party applications act on user data with delegated permissions. In this case, the attackers used the vulnerability to reach corporate data stored in Salesforce. Cybersecurity experts emphasize that such incidents highlight the critical need for strict control over OAuth integrations.
Klue representatives have confirmed the incident and stated that they are taking measures to address the vulnerability. The company is also collaborating with affected organizations to mitigate the impact of the breach. Salesforce has advised its customers to strengthen account security, including the use of multi-factor authentication and regular audits of third-party app access.
Common questions
- What is OAuth, and why are its vulnerabilities dangerous?
- OAuth is an open authorization protocol that allows third-party services to access user data with limited, delegated permissions. Flaws in how OAuth is implemented or integrated can lead to unauthorized access to sensitive information, as demonstrated in the Klue attack.
- What data was stolen in the Klue attack?
- The attackers gained access to Salesforce CRM data, including customer information, business insights, and other confidential details that could be used for extortion.
- How can businesses protect Salesforce data from similar attacks?
- Organizations should keep their security controls up to date, enforce multi-factor authentication, restrict which third-party apps may connect via OAuth and what they are permitted to access, and monitor their CRM platforms for suspicious activity.