Q: What is my impact?
- We are continuing to investigate this. Based on what we know so far, the only information potentially impacted is the following:
- Business Names
- Contact info
- Products used
- Pricing info
Q: Given Klue has been compromised, are you still going to be using them as a vendor?
- We have not made any changes to our relationship at this point. We're staying close to Klue on their remediation and watching our own exposure, and we'll reassess as we gather more information.
Q: Do you use any of the other of the applications on Klue’s list, and how do you know that those are safe from data extraction?
- In addition to the Salesforce data sync integration, we also integrate Gong and Slack with Klue. We have reviewed access logs from all these services and determined that there is no customer or partner impact, while also rotating all active OAuth credentials with these services out of precaution.
Q: What Mitigation steps have you taken to ensure that you are not susceptible to another similar incident?
- We have reviewed access logs from all services on Klue’s list, as well as our other SFDC connections, and determined that no malicious activity occurred, while also rotating all active oauth credentials with these services.
Q: Is there anything from Klue that I can read up on more about this incident?
- Current Klue users can login to access more information from Klue support here.
- We have also published a blog with our findings here.
Q: Are we engaging with the Threat Actor?
- No