A recent wave of cyberattacks targeting Salesforce environments has expanded significantly as threat actors, operating under the moniker "Icarus," have reportedly leaked additional data obtained through compromised third-party integrations. The incident highlights a growing concern over supply chain vulnerabilities in cloud ecosystems and the cascading effects that can occur when a single trusted vendor is breached.
The breach originated when attackers infiltrated Klue, a competitive intelligence platform that integrates with Salesforce via OAuth tokens. These tokens, which serve as digital keys granting limited access between applications, were subsequently exploited to access and exfiltrate sensitive Salesforce customer data. What initially appeared to be an isolated incident has turned out to involve a much broader victim pool, as additional organizations come forward to confirm potential data exposure. The affected entities include various Salesforce customers who had established integrations with Klue, potentially exposing proprietary business