Dernière minute
RUКурск атакован украинскими БПЛА в ночь на 7 июляRUТри человека пострадали при атаке ВСУ на Белгород и округBRCiclista morre após ser atingido por micro-ônibus em SantosRUНа Волге девушка на гидроцикле сбила троих мужчин на сапборде, один погибRUМосгорсуд заочно приговорил к 9 годам колонии участника нападения на посольство РФ в КиевеTRAvrupa Ordusu Fikri ve Türkiye'nin NATO Üyeliği MücadelesiBRMcDonald's em Juiz de Fora é assaltado; funcionária é agredidaARقناة السويس: شريان حيوي للتجارة العالمية ومورد استراتيجي لمصرGLOBALFury vs. Joshua Fight Contingent on Wembley's Late Start Time, Says AlalshikhESEspaña vence a Portugal y avanza a cuartos de final del Mundial 2026RUКурск атакован украинскими БПЛА в ночь на 7 июляRUТри человека пострадали при атаке ВСУ на Белгород и округBRCiclista morre após ser atingido por micro-ônibus em SantosRUНа Волге девушка на гидроцикле сбила троих мужчин на сапборде, один погибRUМосгорсуд заочно приговорил к 9 годам колонии участника нападения на посольство РФ в КиевеTRAvrupa Ordusu Fikri ve Türkiye'nin NATO Üyeliği MücadelesiBRMcDonald's em Juiz de Fora é assaltado; funcionária é agredidaARقناة السويس: شريان حيوي للتجارة العالمية ومورد استراتيجي لمصرGLOBALFury vs. Joshua Fight Contingent on Wembley's Late Start Time, Says AlalshikhESEspaña vence a Portugal y avanza a cuartos de final del Mundial 2026
Newsgather
BackKlue Hacked: Company Communicates with Icarus, Second Gang Emerges, Data Deletion Claims
Klue Hacked: Company Communicates with Icarus, Second Gang Emerges, Data Deletion Claims
En développement
TechCrunch25.06.2026Crime3 dk okumaUnited States

Klue Hacked: Company Communicates with Icarus, Second Gang Emerges, Data Deletion Claims

L'essentiel

  • Market research provider Klue, hacked earlier this month, is communicating with the Icarus hacking group, which claims to be deleting stolen customer data.
  • However, a second unnamed gang has emerged, claiming to have obtained Klue's customer data from Icarus and is now directly extorting affected customers.

Résumé généré par IA

Pourquoi c'est important

Klue, a market research provider, suffered a data breach on June 12, with the hacking group Icarus stealing customer data. A second, unnamed gang has since emerged, claiming to have acquired the data from Icarus and is now directly extorting Klue's customers.

Taille de police

Market research provider Klue, which was hacked earlier this month in a breach that allowed cybercriminals to steal reams of data belonging to several of its customers, said that it is communicating with the hackers. The company also said it believes the group is deleting the stolen data, TechCrunch has learned.

“We continue to communicate with the threat actor we have been in contact with (‘Icarus’),” the company wrote in an update shared privately on Thursday night with its customers, which TechCrunch has seen. “Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”

On Monday, Klue confirmed that hackers broke into its systems on June 12 and stole an unspecified amount of data from an unspecified number of its customers. Since then, several Klue customers have confirmed they were affected by the breach, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium.

At the time, the hacking group Icarus was threatening Klue to release the stolen customers’ data in an attempt to extort the company.

As of Thursday morning, when TechCrunch checked, the Icarus website appears to be down, which is also what Klue privately told its customers.

While all this seems to point to a resolution, the hack got messier in the last couple of days. According to Klue, Icarus told the company that there is a second gang of hackers that is trying to extort its customers directly.

This unnamed gang posted a list of allegedly affected companies on its own website, which TechCrunch has seen, where they claimed to have stolen Klue’s customer data directly from Icarus. The hackers also alleged that Klue paid an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries.” TechCrunch has obtained no independent verification that Klue paid Icarus, nor could we determine why the Icarus website is down. A Klue spokesperson did not immediately respond to a request for comment.

According to the hackers, this person made a mistake that allowed them to connect to the server where the operator was keeping the stolen Klue’s customer data.

“Pay the ransom or we will leak everything if you no pay us,” the cybercriminals wrote in a message on the site, where they claimed there are 195 affected Klue customers in total.

In its Thursday update to customers, Klue said: “Icarus told us that the other party has only samples of data for a subset of customers, not all of the data. Icarus has asked us to inform Klue customers to not make payment to this other party.”

Klue suggested its customers who are in touch with this second group of hackers to ask for a random sample of data, as proof that the hackers really possess the data they claim to have.

The company previously said that the hackers stole customers’ data by using a 2022 third-party credential that was part of a limited pilot. The hackers then used their access to Klue’s systems to steal customers’ authentication keys — known as OAuth tokens — and log into their clouds and databases. Klue has not provided more details about this stolen credential, such as who it was assigned to, or why it was not revoked in the last four years.

Questions ouvertes

  • Did Klue pay Icarus?
  • Why is the Icarus website down?
  • Who was the 2022 third-party credential assigned to, and why was it not revoked?

Sujets liés

This article was originally published by TechCrunch.

Articles liés

Plus sur ce sujetklue