Klue Supply Chain Compromise and CRM Data Exfiltration Incident Advisory (opens in new tab)

A software supply chain attack targeting the market intelligence platform Klue resulted in unauthorized access to customer integrations and subsequent data exfiltration from downstream SaaS applications, including CRM systems.The intrusion began when a threat actor compromised Klue's backend environment and introduced malicious code designed to harvest OAuth tokens used by customer integrations. These tokens were then leveraged to access connected third-party services and extract data directl...