A market intelligence platform called Klue experienced an OAuth security vulnerability that allowed threat actors known as ‘Icarus’ to gain unauthorized access to Salesforce CRM systems. The attackers exploited this breach to extract sensitive customer data from multiple organizations as part of an extortion scheme.

Why it matters in Western Canada: Organizations across Western Canada using Klue integrated with Salesforce for business intelligence face potential data compromise, particularly in sectors like finance, energy, and healthcare that rely on CRM systems for client and operational data.

---

Summary generated from the original advisory. Read the full source: bleepingcomputer