Klue Hack Complicates as Second Extortion Group Emerges

Klue confirmed the breach occurred on June 12, when attackers accessed the company's systems using a dormant third-party credential from 2022. The hackers leveraged this access to steal OAuth authentication tokens, allowing them to infiltrate various customer clouds and databases. Among the affected organizations are major industry players including LastPass, Snyk, Gong, Jamf, and HackerOne.

While the original perpetrators, Icarus, have taken their leak site offline and communicated intentions to purge the stolen data, a new threat has emerged. A secondary group claims to have compromised the Icarus servers to obtain the cache. This new gang alleges that Klue paid an Icarus operator—described as a teenager in the UK—and is now attempting to extort 195 affected companies directly. Klue has advised its clients not to pay this second group, noting that Icarus claims these new actors possess only a limited subset of the original data. The company has encouraged affected customers to demand proof of possession before considering any engagement with the new extortionists.
