Klue breach exposed Salesforce CRM data through stolen OAuth tokens
Summary
Competitive-intelligence vendor Klue experienced a data breach in which an attacker gained access through a compromised legacy credential and stole OAuth tokens. The stolen tokens allowed the attacker to access data within multiple customer Salesforce environments, prompting Klue to revoke tokens and disable affected integrations.
IFF Assessment
FOE
This incident represents a data breach and unauthorized access to customer data, which is negative for defenders.
Defender Context
This breach highlights the risks associated with legacy credentials and the misuse of OAuth tokens. Defenders should ensure proper management and deactivation of integration credentials, and implement robust monitoring for unusual token activity to prevent similar attacks.