Vancouver-based market research technology company Klue recently experienced a customer data breach thanks to an old, jeopardized credential.
The news: Vancouver-based Klue sells business intelligence software that helps salespeople at other tech firms gather information on competitors and win deals. In a community update initially shared last week, Klue said it identified unauthorized activity affecting part of its integration infrastructure on June 12.
The company revealed the attacker leveraged “a compromised legacy credential associated with an integration service”—one reportedly dating back to a limited pilot from 2022—and used it to access Klue customer data in third-party platforms like Salesforce. Data obtained included contact, sales, and support information, while LastPass, OneTrust, and Sprout Social were among the firms impacted. Cybercrime group Icarus reportedly took credit, threatening to publish the stolen data if a ransom is not paid.
From the source: “We are committed to protecting your data, and we know an incident like this tests that commitment,” Klue co-founder and CEO Jason Smith said in the June 18 blog post, which was updated on Monday. “We also want to be clear about what this was: a deliberate criminal act. The reality of connected software is that a single compromise can ripple across many organizations.”
Following the thread: Klue said it immediately took steps to contain this activity, revoking affected credentials, launching a comprehensive investigation with CrowdStrike, notifying law enforcement, and supporting customers. The company is also conducting a thorough review of its security and deployment practices. Klue, which has not said how many of its clients were affected, said there is no evidence that customer data stored within Klue was impacted.
Final thought: The frequency and severity of cyberattacks is rising sharply. Smith said the only way we beat those threats is by working together and sharing information and strategies. He promised to continue to provide relevant updates to customers as the company’s remediation efforts continue.
Feature image courtesy Klue.