the klue oauth breach exposed 195 customer companies through a single oauth credential provisioned four years ago as a prototype and never revoked. the affected downstream organizations include huntress, recorded future, hackerone, lastpass, tanium, jamf, and snyk — a cross-section of the security tooling supply chain itself. this is the third salesforce oauth supply chain event in twelve months, indicating a systemic non-human identity management failure rather than an isolated incident.