Klue breach exposed Salesforce CRM data through stolen OAuth tokens (opens in new tab)

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the company to revoke customer OAuth tokens and disable affected integrations. “An attacker gained access through a compromised legacy credential associated with an integration service,” Klue CEO Jason Smith said in a posting to the company’s blog. “The attacker used that access to obta...