
Klue hack results in data breach at several cybersecurity firms

Why This Matters

The breach at Klue highlights the growing vulnerability of middleware providers that serve as gateways to large corporate data sets, emphasizing the need for stronger security measures in the cybersecurity industry. For consumers and businesses, this incident underscores the importance of safeguarding cloud credentials to prevent widespread data theft. As hackers target these critical points, the industry must prioritize robust security protocols to protect sensitive information and maintain trust.

Key Takeaways

A hacking group has taken credit for a breach at market intelligence provider Klue that allowed hackers to steal reams of data from the company’s corporate customers, which include some of the biggest names in cybersecurity.

Vancouver-based Klue, which lets companies conduct market research by connecting their data to its systems, said on Friday that hackers had stolen data from an unspecified number of its customers during a cyberattack a week earlier. (The blog contains the “noindex” code, which tells search engines to not list the page in search results.)

Cybercrime group Icarus took credit for the breach, saying on its leak site that it will publish the stolen data on Monday if the company does not pay the hackers’ ransom.

Klue has not said how many of its hundreds of customers are affected. Several companies have come forward to confirm they had data stolen during the attack, including Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium.

This is the latest of a slew of broad-scale hacks in which hackers target companies that hold the keys to other companies’ cloud databases. By breaching firms like Klue, hackers are betting that compromising a single point of failure will let them steal data from a large number of organizations at once. Over the past year alone, hackers have increasingly targeted similar middleware providers, including Gainsight and Salesloft, to gain access to hundreds of companies’ data.

Klue said hackers had gained access to the company’s systems on June 12 using a “compromised legacy credential,” such as a password or a token, associated with an integration tool that allows customers to link their company’s cloud data to their Klue accounts.

The hackers were able to steal data from Klue’s customer clouds, such as Salesforce databases. Companies often store their customers’ personal information in Salesforce databases, making these a prime target.

Much of the stolen data includes business contact information, like names, email addresses, phone numbers, job titles, and some account information of their customers, according to the various affected companies.

It’s not clear how the hackers acquired the compromised credentials, or why Klue did not detect the theft sooner. Similar recent mass-hacks involving the compromise and misuse of credentials, such as at Snowflake and Tanstack, have been linked to employees inadvertently installing password-stealing malware on the devices that they use for work.

Klue said it has called in incident response firm CrowdStrike, and has disconnected its integrations to prevent further access to customers’ data.
