Industry - Data Breach
Executive Summary
Market intelligence provider Klue suffered a data breach after hackers used compromised credentials to access customer cloud databases, stealing business contact information including names, emails, phone numbers, and job titles from multiple cybersecurity firms like HackerOne, Snyk, and Tanium. The cybercrime group Icarus claimed responsibility and threatened to publish the stolen data unless a ransom is paid. This incident highlights the growing risk of supply chain attacks where hackers co...
What Happened
On June 12, 2025, hackers used a compromised legacy credential to breach Klue, a Vancouver-based market intelligence provider that connects customer data to its platform. The attackers accessed cloud databases of multiple Klue customers - including cybersecurity firms HackerOne, Snyk, Tanium, and others - and stole business contact information such as names, email addresses, phone numbers, and job titles. The cybercrime group Icarus claimed responsibility and threatened to publish the stolen data if a ransom was not paid.
Who Is Affected
Multiple corporate customers of Klue are affected, including at least nine confirmed companies such as Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium. The stolen data primarily consists of business contact information belonging to employees and customers of these organizations. Klue has not disclosed the total number of affected customers among its hundreds of clients.
Why It Matters
This incident exemplifies the rising threat of supply chain attacks where hackers target a single middleware provider to access data from numerous organizations simultaneously. By compromising Klue's integration tool that links customer cloud databases like Salesforce, attackers gained a point-of-failure that multiplied their reach across multiple companies. This pattern mirrors recent mass-hacks at similar providers like Gainsight, Salesloft, and Snowflake, demonstrating how third-party integrations create cascading privacy risks that extend far beyond the initially breached company.
What You Should Do
If you are a customer or employee of any affected company, monitor your email and phone for phishing attempts or social engineering attacks using the stolen contact information. Enable multi-factor authentication on all work and personal accounts, especially those linked to the exposed email addresses. Contact your employer's IT or security team to confirm whether your information was included in the breach and follow any specific guidance they provide about credential changes or security measures.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources