Market research firm Klue recently experienced a significant data breach, leading to the theft of sensitive information from several corporate clients. The cybercriminal group known as Icarus claimed responsibility for the attack, which involved unauthorized access to Klue’s systems and the exfiltration of customer data.
In a recent update to its clients, Klue reported ongoing communication with Icarus. The group has indicated that they are in the process of deleting the stolen data. Notably, the Icarus website, previously used to threaten the release of the compromised information, is currently offline. Klue interprets this as a positive sign that the group is following through on their commitment to delete the data.
However, the situation has become more complex. Klue has informed its customers of a second, unidentified hacking group that is now attempting to extort those customers directly. This group alleges that it obtained the stolen data from Icarus and has published a list of affected companies on its own website. It further claims that Klue paid an Icarus operator, purportedly a teenager residing in the UK or nearby, to secure the deletion of the data. These assertions remain unverified, and Klue has not confirmed any ransom payments.
The breach has impacted numerous organizations, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium. The compromised data encompasses a range of sensitive information, such as business contacts, price quotes, and sales-related details.
In response to the breach, Klue has taken several measures to mitigate further risks. The company has disconnected its integrations to prevent additional unauthorized access and is collaborating with incident response firm CrowdStrike to investigate the incident. Additionally, Salesforce has disabled the Klue Battlecards app integration following the detection of unusual activity linked to the breach.
This incident underscores the critical importance of robust security practices, especially concerning third-party integrations. Organizations must ensure that legacy credentials are promptly revoked and that access controls are rigorously maintained. The emergence of multiple threat actors exploiting the same breach highlights the evolving nature of cyber threats and the necessity for continuous vigilance and proactive security measures.