Recorded Future has revealed details about a recent security incident involving its use of third-party marketing vendor Klue. The unauthorized access, which started on June 12, 2026, affected the integration layer used by Klue with other SaaS platforms. Despite this, Recorded Future’s systems and data remain unaffected.
An investigation found that Recorded Future was an incidental victim due to utilizing a compromised integration between Salesforce and Klue. However, elements of its Salesforce account were impacted via a compromised OAuth token. The incident’s scope is still under review, but it appears to be limited to business data fields stored in the Salesforce database.
Recorded Future took swift action to contain the incident, revoking OAuth tokens and engaging with Salesforce for additional support. The company has also launched a review of its integrated Salesforce third-party applications and continued monitoring of its systems.
Customers are advised to maintain basic cyber-hygiene and be vigilant for phishing activity or spam. Recorded Future will continue to investigate this incident and keep customers informed if any significant new information becomes available. The company is committed to enhancing its SaaS security posture management and logging program to improve protections.
Source: https://www.recordedfuture.com/blog/klue-security-incident