A hacking group has taken credit score for a breach at market intelligence supplier Klue that allowed hackers to steal reams of information from the corporate’s company prospects, which embrace a few of the greatest names in cybersecurity.
Vancouver-based Klue, which lets firms conduct market analysis by connecting their information to its techniques, mentioned on Friday that hackers had stolen information from an unspecified variety of its prospects throughout a cyberattack every week earlier. (The weblog contains the “noindex” code, which tells search engines like google and yahoo to not record the web page in search outcomes.)
Cybercrime group Icarus took credit score for the breach, saying on its leak web site that it’s going to publish the stolen information on Monday if the corporate doesn’t pay the hackers’ ransom.
Klue has not mentioned what number of of its a whole lot of shoppers are affected. A number of firms have come ahead to substantiate they’d information stolen through the assault, together with Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium.
That is the most recent of a slew of broad-scale hacks during which hackers goal firms that maintain the keys to different firms’ cloud databases. By breaching companies like Klue, hackers are betting that compromising a single point-of-failure will allow them to steal information from numerous organizations directly. Over the previous 12 months alone, hackers have more and more focused comparable middleware suppliers, together with Gainsight and Salesloft, to achieve entry to a whole lot of firms’ information.
Klue mentioned hackers had gained entry to the corporate’s techniques on June 12 utilizing a “compromised legacy credential,” akin to a password or a token, related to an integration instrument that enables prospects to hyperlink their firm’s cloud information to their Klue accounts.
The hackers had been in a position to steal information from Klue’s buyer clouds, akin to Salesforce databases. Firms typically retailer their prospects’ private data in Salesforce databases, making these a prime target.
A lot of the stolen information consists of enterprise contact data, like names, electronic mail addresses, telephone numbers, job titles, and a few account data of their prospects, in response to the varied affected firms.
It’s not clear how the hackers acquired the compromised credentials, or why Klue didn’t detect the theft sooner. Comparable latest mass-hacks involving the compromise and misuse of credentials, akin to at Snowflake and Tanstack, have been linked to workers inadvertently putting in password-stealing malware on the units that they use for work.
Klue mentioned it has known as in incident response agency CrowdStrike, and has disconnected its integrations to stop additional entry to prospects’ information.
When contacted by TechCrunch on Monday, Klue CEO Jason Smith didn’t instantly reply to a request for remark, or reply questions in regards to the incident, together with if the corporate has obtained any communication from the hackers, akin to a ransom demand.
Huntress, one of many safety firms that had its information stolen within the hack, mentioned in its write-up of the incident that the hackers had contacted it with a ransom observe utilizing an Australian firm’s electronic mail handle, whose servers had been possible misused for the marketing campaign.
Final June, Klue mentioned it was preparing to lay off around half of its staff, round 100 folks, because it doubled down on its AI investments. It’s not clear if the discount in employees led to lapses in safety on the firm. It’s not clear who, past Smith, is answerable for cybersecurity on the firm.
Klue doesn’t at present record an individual overseeing cybersecurity on its executive leadership page.
Are you aware extra in regards to the Klue cyberattack? Are you an organization affected by the breach? We’d love to listen to from you. To contact Zack Whittaker securely, attain out by way of Sign username zackwhittaker.1337 or by electronic mail: [email protected].
While you buy by means of hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.

