Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce disabled the Klue Battlecards app integration on June 11, 2026, following a security incident at the competitive intelligence company Klue. This action prevents organizations from connecting to Salesforce through the Klue app until the issue is resolved. The incident involved the abuse of OAuth tokens, which led to the exposure of customer data. Klue disclosed the breach on June 10, 2026, stating that an unauthorized party gained access to its systems between May 29 and June 2, 2026. During this period, the attacker was able to access and exfiltrate data from Klue's production environment. Klue reported that the compromised data included customer names, email addresses, and encrypted passwords, but indicated that no payment card information was accessed. The company has engaged a third-party cybersecurity firm to investigate the incident and is working to enhance its security protocols. Salesforce, in its alert, advised customers to review their connected OAuth applications and revoke any suspicious or unnecessary access.