Klue Hack Exposes Data at Multiple Cybersecurity Firms

Market intelligence platform Klue has suffered a significant security breach, leading to unauthorized access to sensitive data from several of its corporate clients, including prominent cybersecurity companies. The breach, which occurred on June 12, 2026, was carried out by the cybercrime group known as Icarus. The group exploited a compromised legacy credential associated with Klue’s integration tools, which enabled it to infiltrate customer cloud databases, notably Salesforce instances.

Klue, headquartered in Vancouver, offers services that allow companies to conduct market research by integrating their data with Klue’s systems. This integration, however, became the vector for the attack. The hackers utilized the compromised credential to access and exfiltrate data from Klue’s customers’ cloud environments. The stolen information primarily includes business contact details such as names, email addresses, phone numbers, job titles, and certain account information.

Several affected companies have publicly acknowledged the breach. These include Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium. Each of these organizations has reported unauthorized access to their Salesforce databases, where they store critical customer information.

In response to the incident, Klue has engaged cybersecurity firm CrowdStrike to assist with the investigation and remediation efforts. The company has also disabled its integration tools to prevent further unauthorized access. Despite these measures, Klue has not disclosed the exact number of customers impacted by the breach.

The Icarus group has claimed responsibility for the attack and has threatened to publish the stolen data if its ransom demands are not met. This tactic underscores a growing trend in which cybercriminals target service providers that act as central hubs for multiple organizations, thereby amplifying the impact of a single breach.

This incident highlights the critical importance of robust security measures for third-party integrations. Companies must ensure that legacy credentials are regularly audited and decommissioned when no longer in use. Additionally, implementing stringent access controls and continuous monitoring can help detect and mitigate unauthorized activities promptly. As cyber threats continue to evolve, organizations must remain vigilant and proactive in safeguarding their data and that of their clients.