Security update: Klue breach and impact on Pendo

On June 14, 2026 we were notified by Klue, a third-party competitive intelligence platform we use, that their systems had been compromised and  that an unauthorized threat actor had access to credentials associated with Klue's Salesforce integration used by Pendo. We promptly disabled Klue’s access to our systems and began an investigation to review the indicators of compromise that Klue provided. Our  investigation to date shows that the unauthorized actor had accessed business and contact data within our Salesforce instance.

We believe in transparency with our customers, and we're committed to sharing what we know as our investigation continues. Below are more details based on our investigation to date: what happened, what was accessed, what we've done to contain it, and what to watch for.

What happened

Pendo has been using Klue since May 2025 for competitive research, integrated with our Salesforce CRM, and completed standard vendor due diligence prior to onboarding.

This was a supply chain attack, a security domino effect where one compromised vendor credential led to a chain of follow-on compromises across multiple Klue customers. The attackers reportedly compromised Klue's backend systems and gained access to credentials that Klue's customers,  including Pendo, use to connect Klue to Salesforce and other platforms. 

What data was accessed

The data potentially compromised relates to business relationships and sales activity — business contact information, non-sensitive deal and contract records, and limited non-proprietary business communications

No authentication tokens, contract documents, support tickets containing technical details, or product data were accessed. This incident was contained within Pendo's Salesforce CRM system. There is no evidence to date that our product or service delivery platform was targeted, accessed, or compromised, and we believe our ability to serve customers has not been affected.

What we've done

Upon confirming the incident, we took the following actions, among others:

• Disabled and revoked Klue's access to all of our systems
• Worked with Salesforce to obtain additional logs and support
• Analyzed logs by replaying the unauthorized threat actor's queries in an attempt to determine what data was accessed
• Assessed potentially malicious IP addresses identified by Klue against log activity in Salesforce and our platform
• Began reviewing every third-party application integrated with Salesforce to ensure appropriate IP allow listing and permission scopes are in place
• Engaged external cybersecurity and privacy counsel for additional support
• Contacted law enforcement 

What to watch for

We encourage all of our customers to be vigilant.  Unauthorized threat actors may use the compromised information to, for example, impersonate Pendo staff in future phishing campaigns. We recommend being careful about any unexpected emails or messages referencing Pendo or this incident.

Pendo will never ask for a password, or request credentials or payment changes over email, phone, or text. Please report any suspicious activity to your security teams..

What comes next

We are continuing to monitor our systems for abnormal activity and are following up on all additional indicators of compromise provided by Klue, law enforcement, and our external consultants. As our investigation continues, we will provide updates where there are meaningful developments to share relating to this incident and our remediation efforts.

Customers with additional questions can reach us at klue-incident@pendo.io.