The Icarus extortion group breached Klue, a competitive intelligence SaaS platform, and stole OAuth tokens granting delegated access to the Salesforce CRM environments of downstream customers including LastPass, Gong, Recorded Future, Tanium, Jamf, Sprout Social, and Insurity. No software vulnerability was exploited; the attack chain relied on legacy credential compromise, overpermissioned OAuth token scopes, and the trusted-relationship between Klue and its enterprise customers. Exposed Salesforce data includes contact names, email addresses, phone numbers, physical addresses, and support case records.