Breaking
BRMulher morre atropelada em estrada vicinal em Teodoro Sampaio (SP)ITGuerra Ucraina Russia, Trump: Putin è pronto a finire le ostilità. LIVEINTLCanada to Buy Submarines from German Firm ThyssenKrupp Marine SystemsINTLKylian Mbappé Responds to Racist Attack by Paraguayan SenatorESOla de calor y sequía disparan los incendios forestales en CataluñaTRBeylikdüzü'nde Zincirleme Kaza: Elektrikli Otomobil Sürücüsü YaralandıRUРусский игрок НФЛ: решение ФИФА по Балогуну ставит вопрос о недопуске России на ЧМINTLDHS Ditches 'Defend the Homeland' Branding on ICE CarsESMerino da la victoria a España ante Portugal en el minuto 90 y la clasifica para cuartos del Mundial 2026INTLMike Rowe Sues Discovery for Alleged $2 Million in Unpaid Voiceover WorkBRMulher morre atropelada em estrada vicinal em Teodoro Sampaio (SP)ITGuerra Ucraina Russia, Trump: Putin è pronto a finire le ostilità. LIVEINTLCanada to Buy Submarines from German Firm ThyssenKrupp Marine SystemsINTLKylian Mbappé Responds to Racist Attack by Paraguayan SenatorESOla de calor y sequía disparan los incendios forestales en CataluñaTRBeylikdüzü'nde Zincirleme Kaza: Elektrikli Otomobil Sürücüsü YaralandıRUРусский игрок НФЛ: решение ФИФА по Балогуну ставит вопрос о недопуске России на ЧМINTLDHS Ditches 'Defend the Homeland' Branding on ICE CarsESMerino da la victoria a España ante Portugal en el minuto 90 y la clasifica para cuartos del Mundial 2026INTLMike Rowe Sues Discovery for Alleged $2 Million in Unpaid Voiceover Work
Newsgather
BackKlue Hacked: Company Communicates with Icarus, Second Gang Emerges, Data Deletion Claims
Klue Hacked: Company Communicates with Icarus, Second Gang Emerges, Data Deletion Claims
Developing
TechCrunch6/25/2026Crime3 min readUnited States

Klue Hacked: Company Communicates with Icarus, Second Gang Emerges, Data Deletion Claims

Quick Look

  • Market research provider Klue, hacked earlier this month, is communicating with the Icarus hacking group, which claims to be deleting stolen customer data.
  • However, a second unnamed gang has emerged, claiming to have obtained Klue's customer data from Icarus and is now directly extorting affected customers.

AI-generated summary

Why It Matters

Klue, a market research provider, suffered a data breach on June 12, with the hacking group Icarus stealing customer data. A second, unnamed gang has since emerged, claiming to have acquired the data from Icarus and is now directly extorting Klue's customers.

Font size

Market research provider Klue, which was hacked earlier this month in a breach that allowed cybercriminals to steal reams of data belonging to several of its customers, said that it is communicating with the hackers. The company also said it believes the group is deleting the stolen data, TechCrunch has learned.

“We continue to communicate with the threat actor we have been in contact with (‘Icarus’),” the company wrote in an update shared privately on Thursday night with its customers, which TechCrunch has seen. “Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”

On Monday, Klue confirmed that hackers broke into its systems on June 12 and stole an unspecified amount of data from an unspecified number of its customers. Since then, several Klue customers have confirmed they were affected by the breach, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium.

At the time, the hacking group Icarus was threatening Klue to release the stolen customers’ data in an attempt to extort the company.

As of Thursday morning, when TechCrunch checked, the Icarus website appears to be down, which is also what Klue privately told its customers.

While all this seems to point to a resolution, the hack got messier in the last couple of days. According to Klue, Icarus told the company that there is a second gang of hackers that is trying to extort its customers directly.

This unnamed gang posted a list of allegedly affected companies on its own website, which TechCrunch has seen, where they claimed to have stolen Klue’s customer data directly from Icarus. The hackers also alleged that Klue paid an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries.” TechCrunch has obtained no independent verification that Klue paid Icarus, nor could we determine why the Icarus website is down. A Klue spokesperson did not immediately respond to a request for comment.

According to the hackers, this person made a mistake that allowed them to connect to the server where the operator was keeping the stolen Klue’s customer data.

“Pay the ransom or we will leak everything if you no pay us,” the cybercriminals wrote in a message on the site, where they claimed there are 195 affected Klue customers in total.

In its Thursday update to customers, Klue said: “Icarus told us that the other party has only samples of data for a subset of customers, not all of the data. Icarus has asked us to inform Klue customers to not make payment to this other party.”

Klue suggested its customers who are in touch with this second group of hackers to ask for a random sample of data, as proof that the hackers really possess the data they claim to have.

The company previously said that the hackers stole customers’ data by using a 2022 third-party credential that was part of a limited pilot. The hackers then used their access to Klue’s systems to steal customers’ authentication keys — known as OAuth tokens — and log into their clouds and databases. Klue has not provided more details about this stolen credential, such as who it was assigned to, or why it was not revoked in the last four years.

Open Questions

  • Did Klue pay Icarus?
  • Why is the Icarus website down?
  • Who was the 2022 third-party credential assigned to, and why was it not revoked?

Related Topics

This article was originally published by TechCrunch.

Related Stories

More on this topicklue