Klue hack results in data breach at several cybersecurity firms
Hackers breached market intelligence provider Klue, stealing data from corporate customers including major cybersecurity firms.

A hacking group has taken credit for a breach at market intelligence provider Klue that allowed hackers to steal reams of data from the company’s corporate customers, which include some of the biggest names in cybersecurity. Vancouver-based Klue, which lets companies conduct market research by connecting their data to its systems, said on Friday that hackers had stolen data from an unspecified number of its customers during a cyberattack a week earlier. Cybercrime group Icarus took credit for the breach, saying on its leak site that it will publish the stolen data on Monday if the company does not pay the hackers’ ransom.
Klue has not said how many of its hundreds of customers are affected. Several companies have come forward to confirm they had data stolen during the attack, including Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium. This is the latest of a slew of broad-scale hacks in which hackers target companies that hold the keys to other companies’ cloud databases.
By breaching firms like Klue, hackers are betting that compromising a single point of failure will let them steal data from a large number of organizations at once. Over the past year alone, hackers have increasingly targeted similar middleware providers, including Gainsight and Salesloft, to gain access to hundreds of companies’ data. Klue said hackers had gained access to the company’s systems on June 12 using a “compromised legacy credential,” such as a password or a token, associated with an integration tool that allows customers to link their company’s cloud data to their Klue accounts.
The hackers were able to steal data from Klue’s customer clouds, such as Salesforce databases. Companies often store their customers’ personal information in Salesforce databases, making these a prime target. Much of the stolen data includes business contact information, like names, email addresses, phone numbers, job titles, and some account information of their customers, according to the various affected companies.
Klue said it has called in incident response firm CrowdStrike, and has disconnected its integrations to prevent further access to customers’ data. When contacted by TechCrunch on Monday, Klue CEO Jason Smith did not immediately respond to a request for comment, or answer questions about the incident, including whether the company has received any communication from the hackers, such as a ransom demand. Huntress, one of the security companies that had its data stolen in the hack, said in its write-up of the incident that the hackers had contacted it with a ransom note using an Australian company’s email address, whose servers were likely misused for the campaign.
Last June, Klue said it was preparing to lay off around half of its staff, around 100 people, as it doubled down on its AI investments. Klue does not currently list a person overseeing cybersecurity on its executive leadership page.
Why this matters: The Klue breach highlights the growing threat of supply chain attacks, where hackers target companies that provide services to multiple organizations.
Source: TechCrunch