Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks

Klue suffered an OAuth breach that allowed the Icarus threat group to steal Salesforce CRM data from multiple organizations in an extortion campaign. Attackers used OAuth tokens from Klue's Battlecards integration to query Salesforce's REST API for nearly 24 hours. Salesforce disabled the Klue Battlecards app while the breach is investigated.