Additional Klue Supply-Chain Breach Victims Identified
Hackers compromised Klue in mid-June 2026 via legacy credentials, accessing OAuth tokens and exfiltrating business contact and support data from connected Salesforce instances of roughly two dozen customers. New victims including AlertMedia, Blackbaud, Camunda, and others disclosed impact; the threat actor Icarus threatened to leak the data.
- business contacts
- support data
- crm data
Hackers breached Klue in mid-June 2026 by using legacy credentials, gained access to OAuth tokens, and pulled business contact, support, and CRM data from connected Salesforce instances belonging to roughly two dozen customers.
Public reporting indicates the threat actor known as Icarus first compromised Klue’s systems and then exfiltrated information from the Salesforce environments of companies that had integrated with the competitor-intelligence platform. Among the newly disclosed victims are AlertMedia, Blackbaud, Camunda, and additional organizations that have begun notifying people whose records were taken. The attackers reportedly threatened to publish the stolen data. Available reporting describes the breach as a supply-chain incident in which one company’s compromise exposed contact and support details held by its customers.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →