Data Exposure via Third-Party Integrator Klue
A security incident at the third-party market intelligence platform Klue led to unauthorized access to 'internal licensed user data' for a subset of Gong customers who had integrated Klue with Gong. The breach originated from a compromised legacy credential at Klue, which was then used to obtain OAuth tokens to access connected platforms like Salesforce and Gong. The extortion group 'Icarus' claimed responsibility for the broader attacks targeting Klue customers. Gong confirmed that this was not a direct breach of its own products or systems and that customer call recordings or transcripts were not directly impacted. Gong disabled the Klue integration and blocked suspicious IP addresses in response to the incident.
Signal context
First seen: Jun 17, 2026
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Incident originated from a breach at Klue, a third-party market intelligence platform.
- Affected a subset of Gong customers using the Klue integration.
- Accessed data included usernames, user business titles, and user emails.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 29 signals in the same sector
- 93 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
More Cybersecurity Firms Disclose Impact From Klue Hackhttps://www.securityweek.com/more-cybersecurity-firms-disclose-impact-from-klue-hack/Public source from securityweek.com.
22nd June – Threat Intelligence Reporthttps://research.checkpoint.com/2026/22nd-june-threat-intelligence-report/Public source from research.checkpoint.com.
Security Check-in Quick Hits: Tata Electronics Breach, Klue Supply Chain Attack, FortiBleed Campaign, libssh2 Flaw, and Cisco CUCM Exploitationhttps://www.rodstrent.com/post/security-check-in-quick-hits-tata-electronics-breach-klue-supply-chain-attack-fortibleed-campaign-libssh2-flaw-and-cisco-cucm-exploitationPublic source from rodstrent.com.
LastPass confirms data breach after hacker compromises supply chain — here's what we knowhttps://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-knowPublic source from techradar.com.
https://www.bankinfosecurity.com/klue-confirms-oauth-token-theft-led-to-salesforce-data-heist-a-25442https://www.bankinfosecurity.com/klue-confirms-oauth-token-theft-led-to-salesforce-data-heist-a-25442Public source from bankinfosecurity.com.
Related signals
Grouped by why the signal is relevant.
AgelessRx Data Breach Exposes Patient Health Information
AgelessRx, a telehealth platform specializing in longevity and anti-aging treatments, disclosed a data breach. An unauthorized actor gained access to certain help-desk tickets within the company's system between April 17 and April 22, 2026. The breach exposed sensitive patient health information, including names, dates of birth, health diagnoses or conditions, medications, and prescription details. The incident was reported to attorneys general on June 24, 2026, and notification letters to affected individuals began on June 23, 2026.
Jamf Customer Data Exposed in Klue Supply Chain Attack
Jamf, a provider of Apple device management solutions, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data stored in Salesforce instances, stemming from compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.
Insurity Customer Data Exposed in Klue Supply Chain Attack
Insurity, a leading provider of cloud-based software for insurance carriers, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.
Klue Data Breach Leads to Salesforce Customer Data Exposure
Market intelligence platform Klue experienced a data breach, uncovered on June 12, 2026, where attackers stole OAuth tokens used to access customer data from Salesforce. The Icarus group claimed responsibility, leaking business contacts, sales notes, and pricing details from multiple victims. The incident was widely reported on June 24, 2026.
OneTrust Customer Data Exposed in Klue Supply Chain Attack
OneTrust, a privacy, security, and governance technology company, was among the organizations affected by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.
Snyk Affected by Klue Supply Chain Data Breach
Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.