Klue Hack Grows More Complicated as Second Extortion Group Emerges

Market research firm Klue reports that the threat actor behind a recent data breach, known as Icarus, claims to be deleting stolen customer information. However, the situation has shifted as a second, unidentified group of hackers has surfaced, demanding ransom from Klue’s clients and threatening to leak sensitive data.

Klue confirmed the breach occurred on June 12, when attackers accessed the company's systems using a dormant third-party credential from 2022. The hackers leveraged this access to steal OAuth authentication tokens, allowing them to infiltrate various customer clouds and databases. Among the affected organizations are major industry players including LastPass, Snyk, Gong, Jamf, and HackerOne.

While the original perpetrators, Icarus, have taken their leak site offline and communicated intentions to purge the stolen data, a new threat has emerged. A secondary group claims to have compromised the Icarus servers to obtain the cache. This new gang alleges that Klue paid an Icarus operator—described as a teenager in the UK—and is now attempting to extort 195 affected companies directly. Klue has advised its clients not to pay this second group, noting that Icarus claims these new actors possess only a limited subset of the original data. The company has encouraged affected customers to demand proof of possession before considering any engagement with the new extortionists.
