Roughly two dozen Klue customers have come forward and confirmed that their Salesforce instances were compromised in a supply chain attack earlier this month. The attack unfolded between June 11 and 12, when hackers used compromised legacy credentials to access the market intelligence platform Klue, obtain OAuth tokens for customers’ Klue integrations, and exfiltrate data in bulk. Salesforce disabled the Klue integration on June 17, and its status page shows it has yet to re-enable it. Gong also disabled the integration. The list of impacted organizations also includes AlertMedia, Blackbaud (requires authentication), Camunda, Cresta, Deel, Lucanet, Link11, and Tines. Klue has hundreds of customers and the blast radius could be wider, but SecurityWeek has not seen other notifications regarding the incident. It should also be noted that some Klue customers, such as Autodesk, might not use the Salesforce integration with Klue and were not affected.

Full report : Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.