Salesforce disables Klue app after data theft incident


Salesforce said it disabled the Klue Battlecards app integration after a June 11, 2026 security incident at Klue that may have exposed a subset of customer data through connected Salesforce accounts.

KEY FACTS

  • Platform action: Salesforce blocked the app connection until further notice.
  • Cause: The company said the issue was tied to the app connection, not a flaw in Salesforce.
  • Klue disclosure: Klue said unauthorized activity hit part of its integration infrastructure on June 12.
  • Impact: Huntress said copied data included business contacts, price quotes and sales messages.

In an alert, Salesforce said unusual activity involving the app may have allowed unauthorized access to a subset of customer data through the app’s connection to its platform. Klue said a compromised legacy credential tied to an integration service let an attacker obtain OAuth tokens used to connect with third-party platforms, including Salesforce.

Klue said it revoked affected credentials and tokens, removed unauthorized code, stopped remote access and disabled potentially impacted integrations. It also said it launched a broader investigation into the incident, which it said did not appear to affect customer content stored inside Klue’s own platform.

Huntress said some employees received extortion email on June 16 with a claim that Salesforce data had been downloaded. The company said the copied data did not include threat data, passwords, payment card information or engineering data related to its agent or telemetry.

ReliaQuest said the activity matched a third-party OAuth abuse pattern seen in earlier Salesforce-related compromises. It said automated scripts queried Salesforce records for hours and in one case ran nearly 1,000 requests in 15 minutes.
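The high-rate, hours-long query pattern ReliaQuest describes is something a Salesforce admin can hunt for in per-app API activity. The following is an added example, not code from the article or from any vendor named in it: it runs a sliding-window burst check and an activity-span check over a constructed log whose record layout (timestamp, connected app name, operation) is an assumption, not Salesforce's real event log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)


def build_sample_log():
    """Constructed sample records (timestamp, connected_app, operation); not real log data."""
    base = datetime(2026, 6, 11, 2, 0)
    log = [(base + timedelta(minutes=10 * i), "normal_app", "query") for i in range(12)]
    # Suspicious integration: ~1,050 queries in 14 minutes, then one per minute for 5 hours.
    log += [(base + timedelta(milliseconds=800 * i), "klue_integration", "query") for i in range(1050)]
    log += [(base + timedelta(minutes=15 + i), "klue_integration", "query") for i in range(300)]
    return sorted(log)


def sliding_window_peaks(records, window=WINDOW):
    """Return {app: max requests seen in any window-long span} using a per-app deque."""
    peaks, recent = {}, defaultdict(deque)
    for ts, app, _op in sorted(records):
        q = recent[app]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        peaks[app] = max(peaks.get(app, 0), len(q))
    return peaks


def activity_spans(records):
    """Return {app: hours between the app's first and last request}."""
    first, last = {}, {}
    for ts, app, _op in records:
        first[app] = min(first.get(app, ts), ts)
        last[app] = max(last.get(app, ts), ts)
    return {app: (last[app] - first[app]).total_seconds() / 3600 for app in first}


def flag_oauth_abuse(records, burst_threshold=1000, min_hours=3.0):
    """Flag apps that burst above the threshold or keep querying for hours."""
    peaks, spans = sliding_window_peaks(records), activity_spans(records)
    findings = []
    for app, peak in peaks.items():
        reasons = []
        if peak >= burst_threshold:
            reasons.append(f"{peak} requests in {int(WINDOW.total_seconds() // 60)} min")
        if spans[app] >= min_hours:
            reasons.append(f"active for {spans[app]:.1f} h")
        if reasons:
            findings.append((app, reasons))
    return findings


if __name__ == "__main__":
    for app, reasons in flag_oauth_abuse(build_sample_log()):
        print(app, "->", "; ".join(reasons))
```

A real deployment would feed Salesforce's API event logs into the same checks and treat each connected app's OAuth client as the grouping key.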

WHY IT MATTERS

The case shows how trusted third-party integrations can become a path into customer systems even when the core cloud platform is not breached. It also highlights the risk posed by persistent OAuth tokens and other non-human accounts that can access large amounts of data with little scrutiny.