Klue, a market intelligence platform, has confirmed a recent security incident in which threat actors stole OAuth tokens used to connect to customers' Salesforce environments. The Icarus hackers, a newly emerged extortion group, have publicly claimed responsibility for the attack1. This breach has significant implications, as OAuth tokens can be used to access sensitive customer data. The fact that the Icarus group was able to obtain these tokens suggests a high level of sophistication and potential vulnerability in Klue's security protocols. As the list of affected victims grows, concerns about downstream regulatory and supply-chain effects are likely to increase. The use of stolen OAuth tokens to extort customers highlights the evolving nature of cyberattacks, making it essential for organizations to reevaluate their security measures. This incident matters to practitioners because it underscores the need for robust OAuth token security and vigilant monitoring to prevent similar breaches.