Klue

Klue provides integration solutions that connect its customers’ workflows to a variety of software‑as‑a‑service platforms. Its offerings include a Battlecards app for Salesforce as well as pre‑built connectors for HubSpot, SharePoint, Zoom, Gong, Chorus, Clari, Google Drive and Slack. These integrations rely on OAuth tokens to authenticate and exchange data between Klue’s backend and the partner services. The company distributes updates to its integration components through its own backend servers.

In June 2026, threat actors compromised Klue’s backend servers and deployed a malicious update designed to harvest OAuth tokens from its integrations. Upon discovery, Klue revoked the exposed tokens and disabled the affected connections to Salesforce, HubSpot, SharePoint, Zoom, Gong, Chorus, Clari, Google Drive and Slack. Attackers then abused the Salesforce REST API to exfiltrate CRM data from customers such as Huntress and Recorded Future, prompting Salesforce to disable the Battlecards app integration. Huntress later reported extortion attempts linked to a threat actor known as Mr Brean of the Icarus group, although the incident remained confined to the Klue‑Salesforce integration with no breach of victims’ internal systems.

The source material does not disclose Klue’s size, revenue, employee count or geographic reach, so no scale information can be stated. Likewise, no details about Klue’s ownership, parent company or subsidiary structure are provided in the available information. What is evident from the incident is that Klue positions itself as a provider of cross‑platform integration tools, with a particular focus on Salesforce‑based applications. This specialization is reflected in the existence of the Battlecards app and the breadth of its supported SaaS connectors.