Klue hack results in data breach at several cybersecurity firms

Source: TechCrunch · Field: Technology & Digital — Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Novice, short

Summary

Market intelligence provider Klue confirmed a data breach in which the cybercrime group Icarus stole customer data and is threatening to publish it if a ransom is not paid. The breach, which occurred on June 12, exploited a "compromised legacy credential" linked to an integration tool, allowing access to customer cloud databases like Salesforce. Several cybersecurity firms, including Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium, have confirmed data exfiltration, primarily of business contact information. This incident highlights a growing trend of targeting middleware providers as single points of failure. Klue has engaged CrowdStrike and disconnected integrations, but questions remain about how the credential was acquired and how quickly the intrusion was detected, especially given Klue's recent layoffs and lack of a listed cybersecurity executive.

Key takeaway

For security engineers and CTOs evaluating third-party vendor risk, the Klue breach underscores the critical need to scrutinize middleware providers. You must audit all legacy credentials and integration points, especially those connecting to sensitive cloud databases like Salesforce. Prioritize robust credential management, including MFA, and ensure clear accountability for cybersecurity within your organization to mitigate supply chain attack vectors.

Key insights

Compromised credentials targeting middleware providers enable widespread data breaches, posing a critical supply chain security risk.

Method

Attackers exploited a compromised legacy credential for an integration tool to access Klue's systems, then exfiltrated customer data from linked cloud databases like Salesforce.

Best for: VP of Engineering/Data, Executive, Security Engineer, CTO, Consultant

Editorial summary, takeaway, and curation by AIssential. Original article published by TechCrunch.