The Hacker News

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce disabled Klue Battlecards integration after attackers used compromised OAuth tokens to access customer CRM data ...
CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
SecurityWeek

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

ShinyHunters use tactics including stolen credentials, compromised OAuth tokens, social engineering, vishing, and abuse of ...
CRN

Klue Confirms Breach Exposed CRM Data Across Integrations

‘Beyond Klue, we’re seeing the industry grapple with the unsettling reality that our privacy is under attack as long as criminals won’t settle for less than the breach de jour,’ says Huntress CEO Kyle ...
Infosecurity Magazine

Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens

At least four cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via ...
Dark Reading

Salesforce Data Thefts Continue via Klue App Compromise

More Salesforce instances have been breached by threat actors abusing a third-party application integration, this time through Klue's Battlecards app. The attacks, which are the latest in a series of ...
Bleeping Computer

Klue OAuth breach victim list grows as Icarus hackers claim attack

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new ...
Dark Reading

Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

Salesforce subsidiary Heroku on Thursday said that the threat actor that stole Heroku GitHub integration OAuth tokens in April also accessed an internal database containing hashed and salted passwords ...