Customer Data Stolen from Companies Using Klue and Salesforce

A company called Klue, which provides market intelligence services to businesses, experienced a security breach.

Hackers used a technique involving OAuth, which is the system that lets you log into one service using your account from another service. The attackers, who call themselves Icarus, broke into Klue and then used that access to steal data from Salesforce accounts. Salesforce is a widely used customer management system that stores contact information, sales records, and business data. This affects people whose information is stored in the Salesforce systems of companies that use Klue.

If you are a customer of a business that uses both Klue and Salesforce, your contact details, purchase history, or other information they keep about you may have been stolen. The hackers are reportedly using this stolen data for extortion, meaning they may threaten to release it unless companies pay them. If you receive a notice from any company saying your data was part of this breach, take it seriously.

Here is what to do:

1. Read the notice carefully to understand exactly what information was exposed.
2. Watch your email and phone for suspicious contacts from people claiming to be from companies you do business with.
3. If the exposed data included financial information, monitor your bank and credit card statements for unusual activity.
4. Consider placing a fraud alert on your credit report by contacting one of the three major credit bureaus. This breach highlights why it matters which companies you trust with your information. When possible, limit what personal details you share with businesses. Ask companies about their data security practices. The more places your information lives, the more opportunities exist for it to be stolen. Stay alert for breach notifications and act quickly when you receive them.