Dernière minute
INTLFIFA Rejects Belgian Appeal on Balogun's Eligibility for US-Belgium MatchDEMilliardenauftrag für deutsche U-Boote: Kanada wählt TKMS vor Nato-GipfelDEHamas löst Regierungsgremium im Gazastreifen aufINTLIndia News Roundup: CWGC Adds 9,909 Indian Soldiers, Ram Temple Trust Accepts Resignation, Film Pulled, Mob LynchingFRProcès de streameurs à Nice après le décès en direct de Jean PormanoveITRegione Lombardia si costituisce parte civile per l'incendio di Crans-MontanaCN八村壘同意與快艇簽下2年2800萬美元合約CN強颱巴威逼近台灣 週五、週六影響最劇 北部、東部、中南部山區恐有強風豪雨ESMundial 2026: Conoce el cuadro de eliminatorias y los cruces confirmadosITDuplice omicidio Villa Pamphili: testimoni oculari raccontano di aver visto l'imputato con la bambina in braccioINTLFIFA Rejects Belgian Appeal on Balogun's Eligibility for US-Belgium MatchDEMilliardenauftrag für deutsche U-Boote: Kanada wählt TKMS vor Nato-GipfelDEHamas löst Regierungsgremium im Gazastreifen aufINTLIndia News Roundup: CWGC Adds 9,909 Indian Soldiers, Ram Temple Trust Accepts Resignation, Film Pulled, Mob LynchingFRProcès de streameurs à Nice après le décès en direct de Jean PormanoveITRegione Lombardia si costituisce parte civile per l'incendio di Crans-MontanaCN八村壘同意與快艇簽下2年2800萬美元合約CN強颱巴威逼近台灣 週五、週六影響最劇 北部、東部、中南部山區恐有強風豪雨ESMundial 2026: Conoce el cuadro de eliminatorias y los cruces confirmadosITDuplice omicidio Villa Pamphili: testimoni oculari raccontano di aver visto l'imputato con la bambina in braccio
Newsgather
BackKlue Hackers Used 2022 Pilot Credential to Steal Customer Data
Klue Hackers Used 2022 Pilot Credential to Steal Customer Data
En développement
TechCrunch23.06.2026Tech2 dk okumaUnited States

Klue Hackers Used 2022 Pilot Credential to Steal Customer Data

L'essentiel

  • Klue confirmed hackers used a 2022 pilot credential to steal data from corporate customers, including cybersecurity firms.
  • The credential's long-standing use raises security concerns.
  • The breach, detected June 12, allowed access to OAuth tokens, enabling data theft and extortion.

Résumé généré par IA

Pourquoi c'est important

Market research company Klue experienced a data breach where hackers used an old credential from a 2022 pilot to access and steal data from its corporate customers, including cybersecurity firms and password manager LastPass.

Taille de police

Market research company Klue has confirmed that a credential dating back to 2022, which was part of a limited pilot, was used by hackers earlier this month to steal reams of data from its corporate customers, including several cybersecurity companies.

The new detail suggests that Klue may have had years to decommission the credential that was used for the pilot, raising questions about the company’s security posture and what actions it could have taken to prevent the breaches of its customers’ data.

The hack at Vancouver-based Klue, which it detected on June 12 and first disclosed last Friday, allowed hackers to steal data from a number of its customers, including password manager maker LastPass and several other cybersecurity companies. The hackers used their access to Klue’s systems, which store the keys — known as OAuth tokens — to access their customers’ data stored in other clouds and databases, to download that data, and extort the companies.

Klue spokesperson Katie Berg told TechCrunch that the company’s investigation so far indicates that the credential used by the hackers to steal customers’ data “was originally provided to a third-party in 2022, for a limited pilot.”

When asked by TechCrunch, Klue would not explain the purpose of the pilot, how long it ran, or identify the third-party that the company gave the credential to. Klue also did not share why the credential wasn’t revoked following the conclusion of the pilot.

Klue did not respond to follow-up emails about the incident before publication.

Questions remain about the incident as the company says its investigation is continuing.

Klue hasn’t said what kind of credential was stolen, only stating in a blog post that it was a “legacy credential associated with an integration service.” Klue also would not say whether the credential was an employee’s username and password, for example, or if the company believes the credential was stolen from the third-party rather than from its own systems.

These details may be crucial to understanding how the breach was carried out — and how to prevent a repeat incident.

Klue’s statement to TechCrunch added that the company is “conducting a comprehensive review of credential management, vendor-access controls, monitoring capabilities, and deployment security processes,” offering no further details.

A hacking group called Icarus took credit for the breach on its data leak site, and has publicly threatened to release the stolen data if its ransom isn’t paid.

Klue has not said if it has had contact with the hackers, or if it plans to pay their demands.

Do you know more about the Klue cyberattack? Are you a company affected by the breach? We would love to hear from you. To contact Zack Whittaker securely, reach out via Signal at username zackwhittaker.1337.

Questions ouvertes

  • What was the purpose of the 2022 pilot?
  • Who was the third-party recipient of the credential?
  • Why was the credential not revoked after the pilot?

Sujets liés

This article was originally published by TechCrunch.

Articles liés

Anthropic Removes Secret Tracker After Privacy Breach in Claude Code
En développement·23 dk önce

Anthropic Removes Secret Tracker After Privacy Breach in Claude Code

Anthropic removed a secret tracker from Claude Code after a researcher exposed it. The AI firm used "prompt steganography" to hide code that flagged Chinese users' timezone, proxy, and potential ties to Chinese AI labs accused of distillation attacks. Anthropic claims it was an experiment to prevent account abuse and distillation, but privacy advocates view it as a serious breach of trust.

Ars Technica
Plus sur ce sujetcyberattack