// SlackHIGH
Slack OAuth tokens were harvested during a Klue platform breach on June 11, 2026. Attackers who compromised Klue's backend injected malicious code that stole OAuth credentials from customers using Klue to integrate with Slack, Salesforce, and other enterprise tools. The extortion-focused threat group Icarus is attributed to the attack. Affected Slack organizations should revoke compromised OAuth tokens and review integration access logs.
- Klue breach lead to Salesforce data theft, Huntress affected - H(opens in a new tab)
- Hackers Breach Klue Integration to Steal Salesforce CRM Data(opens in a new tab)
- Hackers Exploit Klue Integration to Steal Salesforce CRM Data Us(opens in a new tab)
- Cybersecurity Firms Impacted by Klue Supply Chain Attack - Secur(opens in a new tab)
- Klue OAuth Integration Breach Exposes Salesforce Customer Data i(opens in a new tab)
- Risky Bulletin: Klue breach impacts security firms(opens in a new tab)
// Get alerts for Slack