What happened
Klue, a market intelligence provider, suffered a data breach on June 12 after the Icarus hacking group exploited a compromised legacy credential within its integration infrastructure, specifically the Klue Battlecards app. The credential granted access to customer Salesforce environments, from which the attackers exfiltrated business contact information and account data. Affected cybersecurity firms include Huntress, Recorded Future, Jamf, and Snyk, among others. Klue engaged CrowdStrike for forensics and disconnected its integrations to prevent further access.
Why it matters
This incident underscores the critical supply chain risk posed by third-party data integrators, particularly those with extensive access via integration credentials and tokens. Procurement teams and security architects must reassess vendor security postures, focusing on integration mechanisms and credential management, as a single point of failure can compromise numerous downstream organisations. The attack, which exfiltrated CRM data, follows a pattern of supply chain compromises targeting middleware providers like Gainsight and Salesloft.




