Seven in the morning. Coffee black. The marina is doing its quiet thing and the news feed is doing its loud thing and somewhere in the middle of those two facts is a story that deserves more than a headline and less than a panic attack.
Klue got hit. Vancouver company, makes competitive intelligence software for sales teams. Good product, lots of customers, and because of how it works it holds authorization tokens that let it reach into those customers’ Salesforce accounts on their behalf. That is not unusual. That is how half the software sold to enterprise sales teams operates now. You authorize the app, the app gets a key, the app uses the key. Nobody thinks about it much after that.
Somebody at Klue built a test connection years ago, some prototype that never became a product. The test ended. The credential did not. It just sat there, alive, off the books, not in any active review cycle because it was never formally part of the production system. On June 11th a group calling itself Icarus found it and walked in.
Once inside they pushed a code update that collected every authorization token Klue was holding. Then they used those tokens to query Salesforce environments belonging to Klue’s customers. Not Klue’s own data. Their customers’ CRM data. Names, emails, phone numbers, sales records, pricing quotes. The kind of information that makes a targeted phishing email look like it came from someone who actually knows you.
The named victims so far: Huntress. Recorded Future. Tanium. Jamf. HackerOne. Kudelski Security. Snyk. OneTrust. Sprout Social. Insurity. Gong. Hundreds more per Huntress’s own description of the scope. Most of the names you recognize are in the business of preventing exactly this.
Icarus then sent extortion emails signed “mr bean.” Realized they had used the wrong Session Messenger account. Sent a follow-up that said “wrong session lol.” Posted their victims on a dark web site with a data volume field that reads negative one gigabyte, which is not a real number, because they could not be bothered to fill it in correctly.
This is who got through.
Not a nation-state running a four-year quiet campaign. Not the autonomous AI attack agent that security conference speakers have been warning about. A group that has existed since April 28th of this year, has listed a grand total of three victims on its leak site, and cannot maintain basic alias discipline across a two-message extortion thread.
The gap between the sophistication of the attack surface and the sophistication of the attacker should keep you up at night more than the breach itself. The breach happened because a credential nobody remembered was still valid years after the reason for creating it had been forgotten. The attacker needed nothing exotic. They needed patience and a port scanner and the willingness to try a door that turned out to be unlocked.
Salesloft and Drift went through this same structure in August 2025. ShinyHunters hit Gainsight the same way in November 2025. Klue in June 2026. Three times in ten months, same root cause, different company name on the notification email. A third-party SaaS vendor holds authorization tokens into customer environments. A credential outlives its purpose. Someone eventually tries it.
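One way to surface the kind of forgotten credential this post keeps returning to is a periodic audit of every token a vendor holds, flagging anything with no owner, anything outside the production inventory, and anything idle or old past a threshold. This is an added example, not code from the original post or from any company named in it; the inventory fields and the sample records are constructed assumptions.

```python
"""Stale-credential audit over a constructed token inventory.

Field names are assumptions, not any vendor's API. Each record describes
one authorization token or API credential a SaaS vendor holds for access
into a customer environment."""
from datetime import datetime, timedelta

# Constructed sample inventory (not real data). A prototype token that
# never became part of production sits alongside normal production ones.
INVENTORY = [
    {"id": "tok-0001", "purpose": "prod sync: customer A", "owner": "integrations",
     "in_production_inventory": True, "issued": "2025-11-02", "last_used": "2026-06-09"},
    {"id": "tok-0002", "purpose": "prototype: test connection", "owner": "",
     "in_production_inventory": False, "issued": "2023-03-14", "last_used": "2023-04-01"},
    {"id": "tok-0003", "purpose": "prod sync: customer B", "owner": "integrations",
     "in_production_inventory": True, "issued": "2024-01-20", "last_used": "2025-12-30"},
]


def audit_tokens(inventory, now_iso, max_idle_days=90, max_age_days=365):
    """Return {token id: [reasons]} for every token that fails a check.

    A token is flagged when it is off the books (no owner, or not in the
    production inventory), idle longer than max_idle_days, or issued more
    than max_age_days ago. Tokens that pass every check are omitted."""
    now = datetime.fromisoformat(now_iso)
    findings = {}
    for rec in inventory:
        reasons = []
        issued = datetime.fromisoformat(rec["issued"])
        last_used = datetime.fromisoformat(rec["last_used"])
        if not rec["owner"]:
            reasons.append("no owner")
        if not rec["in_production_inventory"]:
            reasons.append("not in production inventory")
        if now - last_used > timedelta(days=max_idle_days):
            reasons.append("idle > %d days" % max_idle_days)
        if now - issued > timedelta(days=max_age_days):
            reasons.append("age > %d days" % max_age_days)
        if reasons:
            findings[rec["id"]] = reasons
    return findings


if __name__ == "__main__":
    # Audit as of the intrusion date the post gives; prints flagged tokens only.
    for tok, why in audit_tokens(INVENTORY, "2026-06-11").items():
        print(tok, "->", ", ".join(why))
```

The point of the output is that the prototype token trips every check at once, while a legitimate production token can still trip the idle and age checks, which is why the review has to cover every token the vendor holds and not only the ones someone remembers creating.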
The report I wrote this morning runs twenty pages and has ATT&CK mappings and a tradecraft self-certification and six key judgments differentiated by confidence level. It is thorough and it is honest and the part that stings is section 4.5, which notes that among the companies that have publicly disclosed being hit, most of them are cybersecurity companies.
That is not irony. That is just a true statement about who uses competitive intelligence software in enterprise sales, and it is also a true statement about how the attack surface does not care what your product does or what your logo implies. The token was valid. The query ran. The data left.
The eggs are cold now. The coffee is still black. CrowdStrike is doing forensics on Klue’s environment and will eventually answer the question that actually matters, which is whether the code the attacker pushed in did anything beyond token harvesting, because until that answer comes in, nobody who used Klue can fully close their incident ticket.
Everything else is paperwork.