On June 12, 2026, the Icarus extortion group compromised a legacy credential in Klue’s Salesforce CRM integration infrastructure and stole OAuth tokens that granted direct access to Salesforce environments at seven confirmed enterprise organizations including Recorded Future, Tanium, Jamf, Sprout Social, Gong, Insurity, and Huntress. The victims had no direct security gap; they were breached through their trusted SaaS vendor relationship. Confidence in victim list and attack mechanics is assessed MEDIUM based on T3 sourcing; no CISA advisory or primary-tier regulatory disclosure has been confirmed as of available reporting.