{"id":3490192,"date":"2026-06-23T19:43:56","date_gmt":"2026-06-23T19:43:56","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/06\/23\/klue-reports-that-cybercriminals-obtained-credentials-from-2022-resulting-in-breaches-of-customer-data\/"},"modified":"2026-06-23T19:43:56","modified_gmt":"2026-06-23T19:43:56","slug":"klue-reports-that-cybercriminals-obtained-credentials-from-2022-resulting-in-breaches-of-customer-data","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/06\/23\/klue-reports-that-cybercriminals-obtained-credentials-from-2022-resulting-in-breaches-of-customer-data\/","title":{"rendered":"Klue reports that cybercriminals obtained credentials from 2022, resulting in breaches of customer data."},"content":{"rendered":"
<\/div>\n
\n

Research firm Klue has disclosed that a credential from a restricted pilot program dating to 2022 was exploited by hackers earlier this month to obtain vast amounts of data from its corporate clients, including several firms in the cybersecurity sector.<\/p>\n

This new information indicates that Klue might have had ample time to retire the credential utilized in the pilot, raising concerns about the company\u2019s security measures and what preventive steps could have been taken to safeguard its clients’ data.<\/p>\n

The intrusion at Klue, headquartered in Vancouver and detected on June 12, was made public last Friday, allowed cybercriminals to retrieve data from numerous clients, among them the maker of password manager LastPass and several other cybersecurity firms. The attackers leveraged their access to Klue\u2019s systems, which store the keys \u2014 referred to as OAuth tokens \u2014 used to retrieve their clients\u2019 data saved in various clouds and databases, enabling them to download that information and extort the firms.<\/p>\n

Klue spokesperson Katie Berg informed TechCrunch that the ongoing investigation suggests the credential utilized by the attackers to access client data \u201cwas initially given to a third-party in 2022, for a limited pilot.\u201d<\/p>\n

When queried by TechCrunch, Klue refrained from explaining the pilot’s purpose, its duration, or disclosing the identity of the third-party that received the credential. Klue also did not clarify why the credential was not revoked after the pilot\u2019s conclusion.<\/p>\n

Klue did not reply to follow-up inquiries regarding the incident prior to publication.<\/p>\n

Uncertainties surround the incident as the company states its investigation is ongoing.<\/p>\n

Klue has not disclosed what type of credential was compromised, merely mentioning in a blog post that it was a \u201clegacy credential linked to an integration service.\u201d Klue also did not specify whether the credential was an employee’s username and password, or if it believes the credential was taken from the third-party rather than its own systems.<\/p>\n

These specifics could be vital for understanding how the breach occurred \u2014 and for preventing similar incidents in the future.<\/p>\n

In its statement to TechCrunch, Klue added that the firm is \u201cundertaking a thorough review of credential management, vendor access controls, monitoring capabilities, and deployment security processes,\u201d without providing additional details.<\/p>\n

A hacking collective known as Icarus has claimed responsibility for the breach on its data leak platform and has issued public threats to release the stolen data if their ransom demands are not met.<\/p>\n

Klue has not indicated whether it has engaged with the hackers or if it plans to acquiesce to their demands.<\/p>\n

Do you have further information regarding the Klue cyberattack? Are you a business impacted by the breach? We would like to hear from you. To securely reach out to Zack Whittaker, contact him via Signal at username zackwhittaker.1337<\/em>.<\/p>\n<\/div>\n

Purchases made through links in our articles may earn us a small commission. This does not influence our editorial independence.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/div>\n
\n

Research firm Klue has disclosed that a credential from a restricted pilot program dating to 2022 was exploited by hackers earlier this month to obtain vast amounts of data from its corporate clients, including several firms in the cybersecurity sector.<\/p>\n

This new information indicates that Klue might have had ample time to retire the credential utilized in the pilot, raising concerns about the company\u2019s security measures and what preventive steps could have been taken to safeguard its clients’ data.<\/p>\n

The intrusion at Klue, headquartered in Vancouver and detected on June 12, was made public last Friday, allowed cybercriminals to retrieve data from numerous clients, among them the maker of password manager LastPass and several other cybersecurity firms. The attackers leveraged their access to Klue\u2019s systems, which store the keys \u2014 referred to as OAuth tokens \u2014 used to retrieve their clients\u2019 data saved in various clouds and databases, enabling them to download that information and extort the firms.<\/p>\n

Klue spokesperson Katie Berg informed TechCrunch that the ongoing investigation suggests the credential utilized by the attackers to access client data \u201cwas initially given to a third-party in 2022, for a limited pilot.\u201d<\/p>\n

When queried by TechCrunch, Klue refrained from explaining the pilot’s purpose, its duration, or disclosing the identity of the third-party that received the credential. Klue also did not clarify why the credential was not revoked after the pilot\u2019s conclusion.<\/p>\n

Klue did not reply to follow-up inquiries regarding the incident prior to publication.<\/p>\n

Uncertainties surround the incident as the company states its investigation is ongoing.<\/p>\n

Klue has not disclosed what type of credential was compromised, merely mentioning in a blog post that it was a \u201clegacy credential linked to an integration service.\u201d Klue also did not specify whether the credential was an employee’s username and password, or if it believes the credential was taken from the third-party rather than its own systems.<\/p>\n

These specifics could be vital for understanding how the breach occurred \u2014 and for preventing similar incidents in the future.<\/p>\n

In its statement to TechCrunch, Klue added that the firm is \u201cundertaking a thorough review of credential management, vendor access controls, monitoring capabilities, and deployment security processes,\u201d without providing additional details.<\/p>\n

A hacking collective known as Icarus has claimed responsibility for the breach on its data leak platform and has issued public threats to release the stolen data if their ransom demands are not met.<\/p>\n

Klue has not indicated whether it has engaged with the hackers or if it plans to acquiesce to their demands.<\/p>\n

Do you have further information regarding the Klue cyberattack? Are you a business impacted by the breach? We would like to hear from you. To securely reach out to Zack Whittaker, contact him via Signal at username zackwhittaker.1337<\/em>.<\/p>\n<\/div>\n

Purchases made through links in our articles may earn us a small commission. This does not influence our editorial independence.<\/em><\/p>\n","protected":false},"author":2,"featured_media":3490193,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3490192","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3490192"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3490192"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3490192\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3490193"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3490192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3490192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=3490192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}