Klue Breach Expands: Dozens of Customers Compromised as Hackers Turn on Each Other
Klue's supply chain attack exposed data from clients like Salesforce; the Icarus hackers hit back but faced their own breach.
By Content Team
A supply chain attack on market intelligence platform Klue, carried out June 11–12, has now been confirmed by roughly two dozen customers, including AlertMedia, Blackbaud, Deel, and Tines. Hackers used legacy credentials to steal OAuth tokens and bulk-exfiltrate Salesforce data. Salesforce and Gong both disabled the Klue integration on June 17.
The threat actor, Icarus, demanded ransom via a Tor leak site — but then got hacked themselves. A second group reportedly stole sample data from Icarus and launched their own extortion campaign. Klue, which has hundreds of customers, says Icarus has begun deleting the stolen data, suggesting a ransom may have been paid.
Source: SecurityWeek