Executive Summary
Klue identified unauthorized activity on June 12, 2026. A compromised legacy credential associated with an integration service let an attacker obtain OAuth tokens for third-party platforms including Salesforce and access data in connected customer environments. Klue reported no evidence that content stored in Klue itself was affected, and revoked credentials and tokens, removed unauthorized code, and disabled potentially affected integrations. [1]
The public evidence supports a high-confidence incident, but does not support filling every missing artifact, actor, victim, or infrastructure field. Unknown values below remain explicit. [1]