A hacking group has taken credit for a breach at market intelligence provider Klue that allowed hackers to steal reams of data from the company’s corporate clients, which include some of the biggest names in cybersecurity.
Vancouver-based Klue, which allows companies to conduct market research by linking their data to its systems, said on Friday that hackers had stolen data from an unspecified number of its customers during a cyberattack a week earlier. (The blog post contains the “noindex” directive, which tells search engines not to list the page in search results.)
Cybercrime group Icarus took credit for the breach, saying on its leak site that it would publish the stolen data on Monday if the company did not pay the hackers’ ransom.
Klue has not said how many of its hundreds of customers are affected. Several companies have come forward to confirm that data was stolen during the attack, including Discoid, Jamf, HackerOne, insurance, OneTrust, Recorded Future, Snyk, Sprout Social and Taniu.
This is the latest in a string of large-scale hacks in which hackers target companies that hold the keys to other companies’ cloud databases. By breaching companies like Klue, hackers are betting that breaching a single point of failure will allow them to steal data from a large number of organizations at once. In the past year alone, hackers have increasingly targeted similar middleware providers, including Gainsight and Salesloft, to gain access to hundreds of companies’ data.
Klue said hackers gained access to the company’s systems on June 12 using a “compromised legacy credential,” such as a password or token, associated with an integration tool that allows customers to link their company’s cloud data to their Klue accounts.
Hackers were able to steal data from Klue’s customer clouds, such as Salesforce databases. Companies often store their customers’ personal information in Salesforce databases, making it a prime target.
Much of the stolen data includes business contact information such as names, email addresses, phone numbers, job titles and some account information of their customers, according to the various companies affected.
It’s unclear how the hackers obtained the compromised credentials or why Klue didn’t detect the theft sooner. Similar recent mass hacks involving credential theft and misuse, such as those at Snowflake and TanStack, have been linked to employees accidentally installing password-stealing malware on the devices they use for work.
Klue said it called in incident response firm CrowdStrike and has disconnected its integrations to prevent further access to customer data.
When contacted by TechCrunch on Monday, Klue CEO Jason Smith did not immediately respond to a request for comment or answer questions about the incident, including whether the company has received any communication from the hackers, such as a ransom demand.
Huntress, one of the security firms whose data was stolen in the hack, said in its account of the incident that the hackers had contacted it with a ransom note sent from the email address of an Australian company whose servers were likely misused for the campaign.
Last June, Klue said it was preparing to lay off about half of its staff, around 100 people, as it doubled its investment in artificial intelligence. It is unclear whether the staff reduction led to security gaps at the company. It’s also unclear who, besides Smith, is responsible for cybersecurity at the company.
Klue does not currently list a person overseeing cybersecurity on its executive leadership page.
Do you know more about the Klue cyber attack? Are you a company affected by the breach? We would love to hear from you. To contact Zack Whittaker securely, contact via Signal username zackwhittaker.1337 or via email: zack.whittaker@techcrunch.com.
