Icarus Stole Salesforce Data From a Hundred Security Firms. Then Somebody Stole It From Icarus.
- Patrick Duggan
We have now written about the Klue breach three times, and each time the story got bigger and stranger. This is the entry where it stops being a breach story and becomes a parable.
The short version: a market-intelligence platform that security companies use to track their competitors got popped through a single OAuth integration into Salesforce. The blast radius was every customer that had connected the two. When we covered it on June 23, eight companies had confirmed impact. The number is now in the hundreds. And the crew that pulled it off has itself been robbed.
The Victim List Went From Eight to "Hundreds"
On June 23 the confirmed names were Recorded Future, Tanium, Jamf, Huntress, Sprout Social, Gong, Insurity, and LastPass. That list has since detonated. New confirmations include HackerOne, BeyondTrust, OneTrust, Snyk, AlertMedia, Blackbaud, Camunda, Cresta, Deel, Lucanet, Link11, and Tines — and that is the named subset of a victim pool reported to run into the hundreds.
The pattern across every disclosure is identical. The attacker used compromised legacy credentials to obtain the OAuth tokens that connected Klue to third-party platforms, Salesforce chief among them. With those tokens, they pulled business data straight out of customer Salesforce CRMs: names, email addresses, job titles, phone numbers, business addresses, sales account data. Gong specified that user names, titles, and emails were taken but call recordings and transcripts were not. OneTrust described sales account data and contact information exfiltrated. The shape is the same everywhere because the mechanism is the same everywhere — the integration was the door, and the token was the key.
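The mechanism described above leaves a detectable footprint on the victim side: an integration's token that normally pulls a few hundred records an hour suddenly bulk-exports the CRM, often from an address the vendor never used before. The following detection sketch is an added example, not code from the article, from Klue, or from Salesforce. The log format and the sample lines are constructed for the example, and the allow-listed source addresses are an assumption; a real deployment would feed it from whatever API audit log the CRM actually exposes.

```python
"""
Flag an OAuth-connected app whose data pulls depart from its own baseline.
Added example; the log format below is CONSTRUCTED, not a real CRM export.
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: timestamp, connected app, integration user, operation,
# rows returned, source IP. The last klue-sync line is the anomaly.
SAMPLE_LOG = """\
2026-06-20T08:00:12Z app=klue-sync user=svc-klue op=query rows=240 ip=203.0.113.10
2026-06-20T09:00:04Z app=klue-sync user=svc-klue op=query rows=255 ip=203.0.113.10
2026-06-20T10:00:09Z app=klue-sync user=svc-klue op=query rows=230 ip=203.0.113.10
2026-06-20T11:00:02Z app=klue-sync user=svc-klue op=query rows=260 ip=203.0.113.10
2026-06-21T02:13:41Z app=klue-sync user=svc-klue op=bulk_export rows=48000 ip=198.51.100.77
2026-06-20T08:30:00Z app=billing-sync user=svc-billing op=query rows=1200 ip=192.0.2.5
2026-06-20T09:30:00Z app=billing-sync user=svc-billing op=query rows=1150 ip=192.0.2.5
"""

# Assumed allow-list of addresses each integration is known to call from.
KNOWN_IPS = {"klue-sync": {"203.0.113.10"}, "billing-sync": {"192.0.2.5"}}


def parse_line(line):
    """Parse one constructed 'ts key=value ...' log line into a dict."""
    ts, *pairs = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for item in pairs:
        key, value = item.split("=", 1)
        rec[key] = int(value) if key == "rows" else value
    return rec


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_anomalies(records, known_ips=KNOWN_IPS, baseline_multiplier=10):
    """
    Per connected app, compare each pull against that app's own history:
      - row count far above the app's median pull,
      - an operation the app does not normally perform (e.g. bulk export),
      - a source address outside the app's allow-list.
    Returns one alert per offending record, listing every reason it tripped.
    """
    by_app = defaultdict(list)
    for rec in records:
        by_app[rec["app"]].append(rec)

    alerts = []
    for app, recs in by_app.items():
        baseline = median(r["rows"] for r in recs)
        usual_op = Counter(r["op"] for r in recs).most_common(1)[0][0]
        for r in recs:
            reasons = []
            if r["rows"] > baseline_multiplier * baseline:
                reasons.append(
                    f"rows={r['rows']} exceeds {baseline_multiplier}x app median ({baseline:.0f})"
                )
            if r["op"] != usual_op:
                reasons.append(f"op={r['op']} differs from usual op={usual_op}")
            if app in known_ips and r["ip"] not in known_ips[app]:
                reasons.append(f"source ip {r['ip']} not in allow-list for {app}")
            if reasons:
                alerts.append({"app": app, "ts": r["ts"].isoformat(), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(parse_log(SAMPLE_LOG)):
        print(alert["ts"], alert["app"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

The baseline is per app rather than global on purpose: a billing integration legitimately pulls thousands of rows, so a single org-wide threshold would either miss the competitive-intelligence connector's spike or page on the billing job every hour. The point the article makes is that this traffic is authenticated and authorized, so the only signal left is deviation from the integration's own habits.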
Two companies are worth naming for what did not happen to them. Autodesk was a Klue customer but came through clean because it never wired the Salesforce integration in the first place. Gong had disabled its integration. The companies that avoided the blast radius are the ones that had not connected the two systems, or had turned the connection off. That is the entire lesson in one sentence: the integration you are not using is the integration that cannot be stolen.
Then the Thieves Got Robbed
Here is the turn. Klue has reportedly told customers that Icarus — the crew that stole the data, whose operator signed extortion notes as "mr bean" — was itself hacked. The stolen dataset is now in the hands of a second threat actor, which is running its own extortion campaign. That second group supposedly grabbed only sample data from Icarus, which tells you the breach of the breachers was opportunistic, not a coordinated handoff.
Meanwhile Icarus appears to be standing down. Klue says it has been in contact with the threat actor, who started deleting the stolen data. Icarus's leak site has been offline for days — the kind of quiet that, in this economy, usually means a payment cleared. So the original extortionist is deleting and going dark while a second extortionist is just getting started with a copy of the same files.
Sit with what that means for any victim deciding whether to pay. Paying Icarus to delete the data does nothing about the copy that Icarus could not keep safe. You cannot buy back data from someone who no longer controls all the copies. The deletion you negotiated is theater the moment a second party has the dataset.
The Thing We Keep Saying, Now Proven on the Criminals
We have a standing frame here: trust is a lifecycle, and it decays the same way in every reputation system — dark markets, exchanges, ransomware brands, link aggregators, social platforms. An operator gets trusted, proves itself, operates, and then either gets compromised or exits. We usually apply that lens to the defenders and the platforms. Klue just ran the experiment on the attackers.
Icarus built the capability to drain a hundred Salesforce instances through one supplier. What it could not build was the operational security to hold the proceeds. The crew that out-engineered a fleet of security vendors got out-engineered by the next opportunist in line. The loot has the same custody problem the victims did — too many ways in, no real control over who holds a copy. Thieves are not exempt from the supply chain of trust. They are subject to it like everyone else, and on a faster clock, because nobody is going to help a thief with incident response.
There is a defender lesson buried in the schadenfreude, and it is the one we have been hammering since "OAuth's Blind Spot" in September 2025, through the ShinyHunters token-theft wave in June, and through both prior Klue posts. The attack class is not the malware and it is not the ransomware brand. It is the trusted integration. A third-party platform with an OAuth token into your Salesforce is a piece of your attack surface that lives outside your walls, outside your logging, and outside your control. When that supplier is breached, you are breached, and you find out from a news article. The motive of whoever walks through the door — ransomware affiliate, data-extortion gang, nation-state, or the random crew that mugged the first crew — does not change the defense. Defend the door.
What To Do This Morning
Inventory every OAuth grant into your Salesforce, your Google Workspace, your Microsoft 365, your GitHub. Most organizations have no idea how many third-party tokens hold standing access to their core data, and that inventory is the whole game. For every grant, ask the two questions that came out of this breach: do we actually use this integration, and does it have more scope than it needs. The Klue customers who came through clean are the ones who could answer "no, we turned it off."
Then revoke aggressively. A token you revoke is a token that cannot be replayed when the supplier on the other end gets popped. Rotate the credentials behind any integration that has been connected to a breached vendor, and treat "the vendor says they deleted it" as exactly the empty reassurance this incident proved it to be. Assume the data is loose. Assume there is a second copy. Plan as if the people you are negotiating with do not control all the copies — because in this case, demonstrably, they did not.
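The two questions above (do we use it, does it have more scope than it needs) plus the breached-vendor rule turn into a short triage policy once the grant inventory is in one place. The script below is an added example, not code from the article or from any of the platforms named; the inventory is constructed, the "minimal scopes" table is an assumption about what each hypothetical integration needs, and the scope names are illustrative. In practice the inventory rows would come from each platform's connected-app or OAuth admin view.

```python
"""
Triage a list of third-party OAuth grants into revoke / reduce-scope / keep.
Added example; the inventory and the needed-scope table are CONSTRUCTED.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Grant:
    app: str
    platform: str          # e.g. salesforce, google_workspace, m365, github
    scopes: set
    last_used: date
    in_use: bool           # the integration owner's answer to "do we use this?"
    vendor_breached: bool = False


# Assumption for the example: the least scope each integration needs to work.
# An app with no entry has no documented need, so every scope counts as excess.
NEEDED_SCOPES = {
    "competitive-intel-sync": {"api"},
    "billing-sync": {"api", "refresh_token"},
    "calendar-bridge": {"api"},
}

# Constructed inventory of hypothetical grants.
INVENTORY = [
    Grant("competitive-intel-sync", "salesforce", {"api", "refresh_token", "full"},
          date(2026, 6, 17), in_use=True, vendor_breached=True),
    Grant("billing-sync", "salesforce", {"api", "refresh_token"},
          date(2026, 6, 21), in_use=True),
    Grant("calendar-bridge", "google_workspace", {"api", "refresh_token"},
          date(2025, 11, 2), in_use=False),
    Grant("old-marketing-tool", "salesforce", {"full"},
          date(2026, 6, 20), in_use=True),
]


def triage(grants, today, stale_days=90):
    """
    Map each app name to an (action, reason) pair. Order of the rules matters:
    a breached vendor is revoked regardless of use or scope, an unused grant is
    revoked regardless of scope, and only a live, needed grant is scope-checked.
    """
    actions = {}
    for g in grants:
        needed = NEEDED_SCOPES.get(g.app, set())
        excess = g.scopes - needed
        idle_days = (today - g.last_used).days
        if g.vendor_breached:
            actions[g.app] = (
                "REVOKE_NOW",
                "vendor breached: revoke the token and rotate the credentials behind it",
            )
        elif not g.in_use or idle_days > stale_days:
            actions[g.app] = (
                "REVOKE",
                f"not in use (last used {idle_days} days ago): a revoked token cannot be replayed",
            )
        elif excess:
            actions[g.app] = (
                "REDUCE_SCOPE",
                f"grant exceeds documented need; drop {sorted(excess)}",
            )
        else:
            actions[g.app] = ("KEEP", "in use and limited to the scopes it needs")
    return actions


if __name__ == "__main__":
    for app, (action, reason) in triage(INVENTORY, date(2026, 6, 24)).items():
        print(f"{action:13} {app:25} {reason}")
```

The rule order encodes the article's argument: whether a grant is over-scoped only matters for grants that survive the first two questions, and a grant into a breached vendor is revoked before anyone asks whether it was useful.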
The hackers got hacked. It is a good story. It is also the clearest proof yet that the integration token is the asset, and nobody — not the vendor, not the victim, not even the thief — keeps it safe for long.
Sources: SecurityWeek (more-klue-breach-victims-identified-as-hackers-get-hacked, more-cybersecurity-firms-disclose-impact-from-klue-hack, beyondtrust-lastpass-impacted-by-klue-salesforce-incident), The Register (security shops among the hundreds of Klue hack victims), Huntress (klue-breach-investigation), TechCrunch (Klue data deletion report), and DugganUSA prior coverage (OAuth's Blind Spot Sept 2025; Icarus Hit Klue June 18; Icarus Popped the Competitive Intelligence Platform June 23).
