A supply chain attack against Klue, a market intelligence SaaS platform, enabled threat actors to obtain Salesforce OAuth tokens by exploiting compromised legacy credentials in Klue’s integration layer. Those tokens were used to exfiltrate CRM contact records and support case data from hundreds of downstream enterprise customers, including confirmed victims LastPass and BeyondTrust. Any organization that granted Klue integration access to its Salesforce environment should assume potential exposure until Klue provides a definitive scope assessment.