Market intelligence platform Klue has confirmed a security incident where threat actors stole OAuth tokens used to connect to customers’ Salesforce environments. The new ‘Icarus’ extortion group has publicly claimed responsibility for the attack. Salesforce has disabled the Klue Battlecards app integration as a result, preventing further connections via the app until the issue is resolved. This incident is part of a growing trend of third-party application compromises leading to Salesforce data theft.