Klue Battlecards app Salesforce customer data leak
Data Leak
Summary
A Klue Battlecards app connection to Salesforce exposed customer data after unauthorized access let attackers copy records from connected environments, affecting Klue customers including Huntress. The copied information included business contacts, price quotes, and other sales-related data and messaging. Klue said the intrusion began with a compromised legacy credential and later used stolen OAuth tokens to query customer CRM tools directly. Salesforce disabled the integration, showing the exposure was limited to the app connection but still reached sensitive customer records.
Related Happenings
Klue hit by network compromise
Incident
H score: 39
First: 18.06.2026 17:19
Last: 18.06.2026 17:19
Sources: 1
How related:
Klue said it detected unauthorized activity affecting a portion of Klue's integration infrastructure on June 12, 2026, adding the attackers gained access through a compromised legacy credential associated with an integration service.
About this happening:
**Klue** suffered a **June 11–12, 2026** integration compromise that let attackers steal **OAuth tokens** and access connected **Salesforce** environments, prompting Salesforce to...
Carnival Corporation customer data leak
Data Leak
H score: 60
First: 28.05.2026 13:49
Last: 28.05.2026 13:49
Sources: 1
About this happening:
**Carnival Corporation** confirmed a **customer data leak** that exposed personal information for **5,995,277 people**, making this a large-scale privacy and identity-risk event....
Crunchyroll hit by network compromise
Incident
H score: 69
First: 23.03.2026 21:21
Last: 23.03.2026 21:21
Sources: 1
About this happening:
Crunchyroll is investigating a **breach** that allegedly exposed support systems and user data, putting about **6.8 million** people at risk. The claimed intrusion involved a **su...
ShinyHunters / UNC6240 OAuth token campaign targeting Gainsight-published Salesforce apps
Campaign
H score: 19
First: 21.11.2025 07:32
Last: 21.11.2025 07:32
Sources: 1
About this happening:
The **ShinyHunters (UNC6240)** campaign targeting **Gainsight-published applications connected to Salesforce** is expanding a multi-organization SaaS integration abuse pattern tha...
Salesforce hit by network compromise
Incident
H score: 81
First: 20.11.2025 18:47
Last: 20.11.2025 18:47
Sources: 1
About this happening:
**Salesforce** revoked **refresh tokens** and temporarily removed **Gainsight-published applications** after detecting **unusual activity** that may have enabled **unauthorized ac...
Timeline
- 19.06.2026 12:03 · 1 article · 3h ago
Klue integration service compromise exposes Salesforce-connected customer data
Exploitation Observed: A compromised legacy credential associated with Klue's integration service was used on June 11, 2026 to obtain OAuth tokens for third-party connections, allowing access to data in connected customer environments tied to Salesforce.
Sources:
- Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data — thehackernews.com — 19.06.2026 12:03
- 19.06.2026 12:03 · 1 article · 3h ago
Klue detects unauthorized activity in integration infrastructure
Detection IoC Update: Klue said it detected unauthorized activity affecting part of its integration infrastructure on June 12, 2026, and linked the access to a compromised legacy credential that let an attacker obtain OAuth tokens for connected platforms including Salesforce.
Sources:
- Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data — thehackernews.com — 19.06.2026 12:03
- 19.06.2026 12:03 · 1 article · 3h ago
Huntress employees receive extortion emails over copied Salesforce data
Victim Impact Update: As of June 16, 2026, some Huntress employees received extortion emails stating that Salesforce data had been downloaded, and Huntress said the copied data included business contacts, price quotes, and other sales-related data and messaging.
Sources:
- Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data — thehackernews.com — 19.06.2026 12:03
- 19.06.2026 12:03 · 2 articles · 3h ago
Salesforce disables the Klue Battlecards app integration
Technical Analysis Update: Salesforce said it disabled the Klue Battlecards app integration after security teams detected unusual activity that may have exposed a subset of customer data via the app's connection to Salesforce, while ReliaQuest said the activity involved compromised Klue integration access, OAuth tokens, and automated Python scripts that queried the Salesforce REST API for almost 24 hours.
Sources:
- Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data — thehackernews.com — 19.06.2026 12:03