Vancouver-based Klue has disclosed a cyber incident that exposed customer data after attackers accessed its systems through a compromised legacy credential tied to an integration tool. The platform helps companies connect cloud data for market intelligence and research.
The hacking group Icarus has claimed responsibility and says it plans to release the stolen information unless its ransom demand is met. Klue has not confirmed how many customers were affected, but several organizations have said their data was involved.
What was exposed
According to the affected companies, the stolen material includes business contact details such as names, email addresses, phone numbers, job titles, and account-related information. The breach appears to have reached customer cloud environments, including Salesforce databases linked through Klue's integrations.
Companies that publicly acknowledged impact include Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium.
Security response
Klue says it detected access on June 12 and has since disconnected integrations to limit further exposure. The company also brought in incident response firm CrowdStrike to assist with containment and review.
The case reflects a broader shift in cyber risk: attackers are increasingly targeting middleware and integration platforms that connect many organizations at once. A single weak credential can create a wide-reaching entry point across multiple cloud systems.
As businesses deepen their use of connected cloud services, security models built around identity, credential hygiene, and integration oversight may become even more central to digital resilience in the years ahead.