Hackers Delete Stolen Klue Data, But New Threats Emerge

Photo: TechCrunch
Quick answer
The Icarus hacking group, which stole Klue customer data, claims to be deleting the information, but a second criminal group is demanding ransom for non-disclosure.
Klue, a data analytics platform targeted in a June 12 cyberattack, reports ongoing negotiations with the Icarus hacking group, which stole customer data. According to company representatives, the criminals have begun deleting the stolen information, and their website is temporarily unavailable. However, a second unidentified hacking group has emerged, directly extorting affected companies.
The incident has impacted dozens of major IT firms, including LastPass, Snyk, and Recorded Future. Hackers gained access to Klue’s systems via leaked third-party credentials from 2022. Using stolen OAuth tokens, they infiltrated clients’ cloud infrastructures and databases. Klue has not disclosed details about the leaked credentials or why they remained valid for so long.
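The two weaknesses the article describes, a third-party credential that stayed valid for years and OAuth tokens that granted access to customer cloud environments, are both catchable with a routine credential-age audit. The following script is an added illustrative example, not Klue's tooling or anything from the investigation; the rotation window, the credential records and the timestamps are all constructed for the demonstration. It flags integration secrets that were issued without an expiry, that have outlived the rotation window, or that have gone dormant, which are the ones a leak from years ago could still exploit.

```python
"""Credential-age audit for third-party integration secrets.

Added example (hypothetical data, assumed 90-day rotation policy). Reports
credentials that should be revoked or rotated because an old leak of them
would still be usable today.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

MAX_AGE_DAYS = 90  # assumed organisational rotation window


@dataclass
class Credential:
    name: str
    kind: str                      # "api_key" or "oauth_token"
    issued_at: datetime
    expires_at: Optional[datetime]  # None means the secret never expires
    last_used_at: Optional[datetime]


def audit(creds: List[Credential], now: datetime,
          max_age_days: int = MAX_AGE_DAYS) -> List[Tuple[str, str]]:
    """Return (credential name, reason) pairs for every risky credential."""
    findings = []
    for c in creds:
        # Already-expired secrets cannot be replayed; skip them.
        if c.expires_at is not None and c.expires_at <= now:
            continue
        if c.expires_at is None:
            findings.append((c.name, "no expiry set; a leaked copy stays valid indefinitely"))
        age_days = (now - c.issued_at).days
        if age_days > max_age_days:
            findings.append((c.name, f"issued {age_days} days ago, beyond the "
                                     f"{max_age_days}-day rotation window"))
        # A secret nobody uses is pure attack surface: revoke rather than rotate.
        if c.last_used_at is None:
            findings.append((c.name, "never used since issuance; candidate for revocation"))
        elif (now - c.last_used_at).days > max_age_days:
            findings.append((c.name, "dormant for longer than the rotation window"))
    return findings


def names_needing_action(creds: List[Credential], now: datetime) -> List[str]:
    """Deduplicated, sorted list of credential names with at least one finding."""
    return sorted({name for name, _ in audit(creds, now)})


# Constructed sample inventory; none of these values come from the article.
NOW = datetime(2025, 6, 20, tzinfo=timezone.utc)
SAMPLE_CREDENTIALS = [
    Credential("vendor-ci-key", "api_key",
               issued_at=datetime(2022, 3, 1, tzinfo=timezone.utc),
               expires_at=None,
               last_used_at=datetime(2024, 1, 15, tzinfo=timezone.utc)),
    Credential("oauth-bot-token", "oauth_token",
               issued_at=datetime(2025, 5, 1, tzinfo=timezone.utc),
               expires_at=datetime(2025, 7, 1, tzinfo=timezone.utc),
               last_used_at=datetime(2025, 6, 18, tzinfo=timezone.utc)),
    Credential("legacy-integration", "oauth_token",
               issued_at=datetime(2023, 1, 10, tzinfo=timezone.utc),
               expires_at=datetime(2026, 1, 10, tzinfo=timezone.utc),
               last_used_at=None),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_CREDENTIALS, NOW):
        print(f"{name}: {reason}")
```

Run against a real inventory, the audit should be fed from the secret store or identity provider rather than hard-coded records, and the dormant and no-expiry findings are the ones to act on first, since those are exactly the secrets a years-old leak would still unlock.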
A second hacking group, whose identity remains undisclosed, has published a list of affected companies on its website and demanded ransom for non-disclosure. The group claims it obtained the data after an Icarus member—allegedly a British teenager—made an error. Klue advises clients engaging with this group to demand proof of data possession before making any payments.
Common questions
- Which companies were affected by the Klue data breach?
  - Affected companies include Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium. Hackers claim approximately 195 clients were impacted.
- How did hackers gain access to Klue customer data?
  - Attackers used leaked third-party credentials from 2022 to breach Klue’s systems, then stole OAuth tokens to infiltrate clients’ cloud storage and databases.
- Why is Icarus deleting the stolen data?
  - Reasons remain unclear, but Klue states it is negotiating with the group and has received confirmation that the group intends to delete the data. Possible factors include law enforcement pressure or internal hacker disputes.