Klue hack leads to data breach at several cybersecurity companies


A hacking group has taken credit for a breach at market information provider Klue that allowed hackers to steal troves of data from the company’s corporate clients, which include some of the biggest names in cybersecurity.

Vancouver-based Klue, which allows companies to conduct market research by linking their data to their systems, said Friday that hackers had stolen data from an unspecified number of its customers during a cyberattack a week ago. (The blog post contains a “noindex” tag, which tells search engines not to include the page in search results.)

Cybercrime group Icarus claimed responsibility for the hack, saying on its leak site that it would publish the stolen data on Monday if the company did not pay the hackers’ ransom.

Klue did not say how many of its hundreds of customers were affected. Several companies have come forward to confirm that they had data stolen during the attack, including Gong, Jamf, HackerOne, Insurance, OneTrust, Recorded Future, Infiltration, Sprout Social and Tanium.

This is the latest in a series of large-scale hacks in which hackers target companies that hold the keys to other companies’ cloud databases. By compromising companies like Klue, hackers are betting that compromising a single point of failure will allow them to steal data from a large number of organizations at once. Over the past year alone, hackers have increasingly targeted similar middleware providers, including stupidity and Cellloft, to access hundreds of companies’ data.

Klue said hackers gained access to the company’s systems on June 12 using “vulnerable legacy credentials,” such as a password or token, linked to an integration tool that allows customers to link their company’s cloud data to their Klue accounts.

Hackers were able to steal data from Klue customers’ clouds, such as Salesforce databases. Businesses often store their customers’ personal information in Salesforce databases, making them a main target.

Much of the stolen data included business contact information, such as names, email addresses, phone numbers, job titles, and some account information for their customers, according to the various affected companies.

It’s not clear how the hackers obtained the compromised credentials, or why Klue didn’t discover the theft sooner. Similar recent mass hacks involving compromised and misused credentials, such as at Snowflake and TanStack, have been linked to employees unwittingly installing password-stealing malware on devices they use for work.

Klue said it called in incident response company CrowdStrike and disconnected its integrations to prevent further access to customer data.

When contacted by TechCrunch on Monday, Klue CEO Jason Smith did not immediately respond to a request for comment, or answer questions about the incident, including whether the company had received any communication from the hackers, such as a ransom demand.

Huntress, one of the security companies whose data was stolen in the hack, said in a write-up of the incident that the hackers contacted it with a ransom note using the email address of an Australian company, and its servers were likely being misused in the campaign.

Last June, Klue said it was preparing to lay off about half of its employees, about 100 people, as it doubled its investments in artificial intelligence. It is not clear whether the staff reductions have led to security vulnerabilities at the company. It’s not clear who, other than Smith, is in charge of cybersecurity at the company.

Klue does not currently list anyone who oversees cybersecurity on its executive leadership page.

Do you know more about the Klue cyber attack? Are you a company affected by the breach? We would love to hear from you. To contact Zack Whittaker securely, contact the Signal username zackwhittaker.1337 or email: zack.whittaker@techcrunch.com.
