Klue Security Incident — June 2026

A recent security incident involving Klue, a third-party competitive intelligence platform integrated with our systems, allowed an unauthorized party to access data in Sprout Social's Salesforce CRM system. The incident originated with our vendor Klue, where a threat actor obtained credentials associated with Klue's integration and used them to access connected customer Salesforce environments — including Sprout's.

For Sprout, the unauthorized access of our Salesforce CRM data may have included business contact details (names, professional email addresses, phone numbers, job titles, and mailing addresses), organizational and account information (company details, industry, and account-status information), and related commercial CRM records. Access occurred during a defined window between June 11 and June 12, 2026, after which the activity was contained by the vendor.

Importantly, no Sprout Social product or platform data was affected. This incident did not impact the Sprout Social application itself, your connected social profiles or their credentials, published or scheduled content, authentication passwords, or platform API keys. The unauthorized activity was limited to data within our Salesforce CRM and did not touch Sprout Social’s products, platforms, or our integration with Salesforce Service Cloud.

Sprout Action

Upon learning of this incident, our security team moved quickly to contain it and investigate the full scope:

• Disabled the Salesforce connected app and deactivated the dedicated service account used by the Klue integration, establishing a hard block against the compromised credentials
• Removed all other Klue integrations from our tooling 
• Audited our systems to confirm the incident was limited to Klue and Salesforce
• Engaged directly with Klue, opened a support case with Salesforce, and requested indicators of compromise and detailed access logs to validate exactly what was accessed

Staying Protected Together

Because exposed business contact information can be misused, heightened awareness is important. We are aware of follow-on phishing and extortion attempts connected to this incident. Bad actors may attempt to exploit the exposed contact information through:

• Phishing emails that appear to come from Sprout Social or reference a legitimate business relationship
• Extortion or "ransom" emails claiming to possess stolen data and demanding a response
• Unexpected phone calls or messages requesting sensitive information
• Social engineering attempts that reference real business details to appear credible

We recommend treating any unexpected request for sensitive information or payment with caution, verifying it through a known official channel before acting, and not responding to or engaging with extortion messages. If you receive a suspicious message referencing Sprout Social, please report it to our support team.

Moving Forward

Security isn't just a priority; it's fundamental to everything we do. We are using this incident to further strengthen our third-party risk management and integration controls, and we will continue investing in protective measures that safeguard your trust.

Our support teams are ready to address any questions or concerns you may have about this incident. You can contact them at support@sproutsocial.com.