{"id":3490252,"date":"2026-06-25T16:40:15","date_gmt":"2026-06-25T16:40:15","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/06\/25\/hacked-klue-reports-that-offenders-are-erasing-compromised-client-information-yet-now-additional-hackers-are-issuing-threats\/"},"modified":"2026-06-25T16:40:15","modified_gmt":"2026-06-25T16:40:15","slug":"hacked-klue-reports-that-offenders-are-erasing-compromised-client-information-yet-now-additional-hackers-are-issuing-threats","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/06\/25\/hacked-klue-reports-that-offenders-are-erasing-compromised-client-information-yet-now-additional-hackers-are-issuing-threats\/","title":{"rendered":"Hacked Klue reports that offenders are erasing compromised client information, yet now additional hackers are issuing threats."},"content":{"rendered":"
<\/div>\n
\n

Market research firm Klue, which experienced a hack this month resulting in the theft of significant data belonging to various customers, has stated that it is in contact with the cybercriminals. The company has indicated its belief that the group is in the process of erasing the stolen information, as reported by TechCrunch.\u00a0<\/p>\n

\u201cWe are still in talks with the threat actor we have been engaging with (\u2018Icarus\u2019),\u201d the organization mentioned in a privately shared update with its clients on Thursday evening, which TechCrunch has accessed. \u201cIcarus informed us that they are initiating actions to erase the data obtained from Klue clients. The Icarus website is still offline, and we have signs that Icarus is genuinely proceeding to eliminate data taken from Klue customers.\u201d<\/p>\n

On Monday, Klue verified that intruders accessed its systems on June 12, leading to the theft of an undisclosed quantity of data from an unspecified number of customers. Since then, multiple Klue clients have confirmed they were impacted by the breach, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium.\u00a0<\/p>\n

At that time, the hacking group Icarus was threatening Klue with the release of the stolen customer data as a means to extort the company.\u00a0<\/p>\n

As of Thursday morning, when TechCrunch checked, the Icarus site seems to be non-operational, which aligns with what Klue had informed its clients privately.\u00a0<\/p>\n

\n

Contact Us<\/h4>\n

\t\t\tDo you have more details regarding the Klue breach? Or insights about the hacking group Icarus? We\u2019d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or via email.\t\t<\/p><\/div>\n

While all signs indicate progress towards a resolution, the situation has become more complicated in recent days. Klue has stated that Icarus has warned the firm of a second group of hackers attempting to directly extort its customers.\u00a0<\/p>\n

This unnamed group published a list of purportedly affected companies on its own website, which TechCrunch has examined, claiming to have acquired Klue\u2019s customer data directly from Icarus. The hackers also asserted that Klue made a payment to an \u201cIcarus operator who is a teenager residing in the UK or nearby countries.\u201d TechCrunch has not independently verified that Klue compensated Icarus, nor could it ascertain the reasons behind the Icarus website being down. A spokesperson for Klue did not reply promptly to a request for a statement.\u00a0<\/p>\n

According to the hackers, this individual erred, which allowed them to gain access to the server housing the stolen Klue customer data.<\/p>\n

\u201cPay the ransom or we will expose everything if you don’t pay us,\u201d the cybercriminals stated in a message on the site, where they claimed that 195 Klue customers are affected in total.\u00a0<\/p>\n

In its Thursday briefing to clients, Klue stated: \u201cIcarus informed us that the other group only possesses samples of data for a limited number of customers, not all the information. Icarus has requested us to advise Klue customers against making any payments to this other party.\u201d\u00a0<\/p>\n

Klue recommended that customers who are in communication with this second group of hackers should request a random sample of data as proof of their claims regarding data possession.\u00a0<\/p>\n

The company has previously disclosed that the hackers acquired customer data by exploiting a third-party credential from 2022 that was part of a limited pilot program. The hackers then leveraged their access to Klue\u2019s systems to steal authentication keys from customers \u2014 known as OAuth tokens \u2014 and gain entry to their clouds and databases. Klue has not provided further details about this stolen credential, such as its assigned user or the reasons it remained active for the last four years.<\/p>\n<\/div>\n

When you make a purchase through links in our articles, we could earn a small commission. This doesn\u2019t influence our editorial independence.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/div>\n
\n

Market research firm Klue, which experienced a hack this month resulting in the theft of significant data belonging to various customers, has stated that it is in contact with the cybercriminals. The company has indicated its belief that the group is in the process of erasing the stolen information, as reported by TechCrunch.\u00a0<\/p>\n

\u201cWe are still in talks with the threat actor we have been engaging with (\u2018Icarus\u2019),\u201d the organization mentioned in a privately shared update with its clients on Thursday evening, which TechCrunch has accessed. \u201cIcarus informed us that they are initiating actions to erase the data obtained from Klue clients. The Icarus website is still offline, and we have signs that Icarus is genuinely proceeding to eliminate data taken from Klue customers.\u201d<\/p>\n

On Monday, Klue verified that intruders accessed its systems on June 12, leading to the theft of an undisclosed quantity of data from an unspecified number of customers. Since then, multiple Klue clients have confirmed they were impacted by the breach, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium.\u00a0<\/p>\n

At that time, the hacking group Icarus was threatening Klue with the release of the stolen customer data as a means to extort the company.\u00a0<\/p>\n

As of Thursday morning, when TechCrunch checked, the Icarus site seems to be non-operational, which aligns with what Klue had informed its clients privately.\u00a0<\/p>\n

\n

Contact Us<\/h4>\n

\t\t\tDo you have more details regarding the Klue breach? Or insights about the hacking group Icarus? We\u2019d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or via email.\t\t<\/p><\/div>\n

While all signs indicate progress towards a resolution, the situation has become more complicated in recent days. Klue has stated that Icarus has warned the firm of a second group of hackers attempting to directly extort its customers.\u00a0<\/p>\n

This unnamed group published a list of purportedly affected companies on its own website, which TechCrunch has examined, claiming to have acquired Klue\u2019s customer data directly from Icarus. The hackers also asserted that Klue made a payment to an \u201cIcarus operator who is a teenager residing in the UK or nearby countries.\u201d TechCrunch has not independently verified that Klue compensated Icarus, nor could it ascertain the reasons behind the Icarus website being down. A spokesperson for Klue did not reply promptly to a request for a statement.\u00a0<\/p>\n

According to the hackers, this individual erred, which allowed them to gain access to the server housing the stolen Klue customer data.<\/p>\n

\u201cPay the ransom or we will expose everything if you don’t pay us,\u201d the cybercriminals stated in a message on the site, where they claimed that 195 Klue customers are affected in total.\u00a0<\/p>\n

In its Thursday briefing to clients, Klue stated: \u201cIcarus informed us that the other group only possesses samples of data for a limited number of customers, not all the information. Icarus has requested us to advise Klue customers against making any payments to this other party.\u201d\u00a0<\/p>\n

Klue recommended that customers who are in communication with this second group of hackers should request a random sample of data as proof of their claims regarding data possession.\u00a0<\/p>\n

The company has previously disclosed that the hackers acquired customer data by exploiting a third-party credential from 2022 that was part of a limited pilot program. The hackers then leveraged their access to Klue\u2019s systems to steal authentication keys from customers \u2014 known as OAuth tokens \u2014 and gain entry to their clouds and databases. Klue has not provided further details about this stolen credential, such as its assigned user or the reasons it remained active for the last four years.<\/p>\n<\/div>\n

When you make a purchase through links in our articles, we could earn a small commission. This doesn\u2019t influence our editorial independence.<\/em><\/p>\n","protected":false},"author":2,"featured_media":3490253,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3490252","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3490252"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3490252"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3490252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3490253"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3490252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3490252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=3490252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}