Cybersecurity & Privacy

Security firms got breached through a vendor they all trusted

Market intelligence provider Klue was hacked via its Salesforce integration, exposing data from customers including HackerOne, Huntress, OneTrust and Snyk.

Klue, a Vancouver-based market intelligence company, disclosed on 19 June that attackers stole customer data in a breach that happened between 11 and 12 June. The intrusion hit Klue's Salesforce integration and let the attackers pull data out of customer Salesforce environments. A group calling itself Icarus has claimed responsibility.

What makes this one worth your attention is the list of customers caught up in it: HackerOne, Huntress, OneTrust and Snyk. These are not random companies. They are security firms. The people who find vulnerabilities, hunt threats, manage privacy compliance and secure code for everyone else got exposed through a third party they had wired into their sales stack.

The supply chain is the soft underbelly

Nobody breached HackerOne or Snyk directly. They got hit because a tool they connected to their Salesforce had access, and that tool got compromised. This is the uncomfortable maths of modern software: your security is only as strong as the weakest vendor you have granted access to, and most companies have granted access to dozens. Every integration is a door, and you are trusting someone else to lock it.

Salesforce environments are a rich target because they hold customer records, deal data and contact details. An attacker who gets into one through a trusted integration can quietly export the lot, which appears to be exactly what happened here. The phrase companies reach for in these moments is usually some variant of "unauthorised access event". What it amounts to is that data walked out the door.

What to take from it

Most readers are not running enterprise Salesforce, so there is nothing to patch here. The lesson is about how you think rather than what you click. If you run any business, the question this raises is simple and rarely asked: which third-party tools have access to your customer data, and what happens if one of them is breached?

Audit your connected apps. In Salesforce, Google Workspace, Microsoft 365 or any platform that holds customer data, there is a list of every third-party integration you have authorised, often including ones nobody remembers approving. Revoke the ones you no longer use. Check what scope of access the rest actually have. An old marketing tool with full read access to your CRM is a breach waiting to be claimed by the next group with a name like Icarus.
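The audit above is easier to do consistently with a small triage script than by eyeballing a settings page. The example below is an added illustration, not code from Klue, Salesforce or any of the firms named here. It takes a constructed inventory of connected apps (the field names and the list of "broad" scope strings are assumptions: real exports from Salesforce, Google Workspace or Microsoft 365 will need mapping onto them) and sorts each app into revoke, review or keep, based on staleness, breadth of scope, and whether the app holds a refresh token and can therefore keep pulling data while nobody is logged in.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Scope strings that expose whole datasets or grant write access. This set is
# an assumption assembled from commonly granted Salesforce, Google and
# Microsoft Graph scopes; extend it for the platforms you actually run.
BROAD_SCOPES = {
    "full",                                    # Salesforce: everything the user can do
    "api",                                     # Salesforce: API access to the user's data
    "https://mail.google.com/",                # Gmail: full mailbox read/write/delete
    "https://www.googleapis.com/auth/drive",   # Drive: every file, read/write
    "https://www.googleapis.com/auth/contacts",
}
# Presence of either means the app was issued a refresh token and can act
# with no user present (Salesforce accepts both names).
PERSISTENT_SCOPES = {"refresh_token", "offline_access"}


def is_broad(scope: str) -> bool:
    """True for scopes that expose whole datasets or grant write access."""
    if scope in BROAD_SCOPES:
        return True
    # Microsoft Graph naming: Mail.ReadWrite, Files.ReadWrite.All, Directory.Read.All
    return scope.endswith(".All") or ".ReadWrite" in scope


@dataclass
class ConnectedApp:
    name: str
    authorised_by: str              # the user who clicked "Allow"
    scopes: tuple
    last_used: Optional[date]       # None: the platform reports no use at all


@dataclass
class Finding:
    decision: str                   # "revoke", "review" or "keep"
    reasons: list = field(default_factory=list)


def triage_app(app: ConnectedApp, today: date, stale_after: int = 90) -> Finding:
    """Decide what to do with one connected app and record why."""
    reasons = []
    stale = app.last_used is None or (today - app.last_used).days > stale_after
    broad = sorted(s for s in app.scopes if is_broad(s))
    persistent = bool(PERSISTENT_SCOPES & set(app.scopes))
    if stale:
        reasons.append(f"no use in {stale_after} days")
    if broad:
        reasons.append("broad scopes: " + ", ".join(broad))
    if persistent:
        reasons.append("holds a refresh token (works while nobody is logged in)")
    if stale:
        decision = "revoke"         # unused access is pure liability
    elif broad and persistent:
        decision = "review"         # in use, but could export everything unattended
    else:
        decision = "keep"
    return Finding(decision, reasons)


def triage(apps, today: date) -> dict:
    """Map app name to its Finding for a whole inventory."""
    return {app.name: triage_app(app, today) for app in apps}


# Constructed inventory (not real data), shaped like a normalised export of a
# tenant's "connected apps" page. Dates are chosen to exercise each branch.
TODAY = date(2025, 6, 20)
INVENTORY = [
    ConnectedApp("Sales intel connector", "sales-ops@example.com",
                 ("api", "refresh_token", "openid"), date(2025, 6, 18)),
    ConnectedApp("Old webinar tool", "marketing@example.com",
                 ("full", "refresh_token"), date(2024, 11, 2)),
    ConnectedApp("Calendar sync", "alice@example.com",
                 ("https://www.googleapis.com/auth/calendar.readonly",), date(2025, 6, 19)),
    ConnectedApp("Mailbox backup", "bob@example.com",
                 ("Mail.ReadWrite", "offline_access"), None),
]

if __name__ == "__main__":
    for name, finding in triage(INVENTORY, TODAY).items():
        print(f"{finding.decision:6}  {name:22}  " + "; ".join(finding.reasons))
```

The "review" bucket is the one that matters for a Klue-style incident: an app that is legitimately in use, holds a refresh token, and has broad scope is exactly the kind of integration whose compromise lets an attacker export a CRM without ever touching your own systems. The fix there is usually not revocation but narrowing the grant to read-only or object-specific scopes.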

For individuals, the same principle scales down. Those Sign in with Google buttons and the apps you have linked to your accounts over the years are your personal supply chain. It takes ten minutes to review them in your account security settings, and most people have never looked.