Scopeora News & Life

© 2026 Scopeora News & Life

Klue Says a 2022 Legacy Credential Was Used in Customer Data Breach

Klue says a 2022 legacy credential was used in a customer data breach, highlighting the importance of stronger access control and credential lifecycle management.

Klue Says a 2022 Legacy Credential Was Used in Customer Data Breach

Market research platform Klue has confirmed that a legacy credential from 2022, created for a limited pilot, was used by attackers earlier this month to access customer data. The incident affected several corporate clients, including cybersecurity firms.

According to Klue, the compromised access token was tied to an integration service and appears to have remained active long after the pilot ended. That detail has placed renewed focus on how organizations manage old credentials, vendor access, and system permissions over time.

Klue said it detected the intrusion on June 12 and later disclosed that the attackers used access to its systems to retrieve customer information stored across connected clouds and databases. The company has also said it is reviewing credential management, vendor controls, monitoring, and deployment security practices.

In its public statement, Klue noted that the investigation is still ongoing and has not disclosed the exact form of the credential or the third party that originally received it. The company has also not clarified why the credential was not revoked after the pilot concluded.

A group calling itself Icarus has claimed responsibility for the breach and says it may publish the stolen data if its demands are not met. Klue has not shared whether it has engaged with the group.

The case underscores how even older access keys can become high-value entry points when they remain connected to modern cloud systems. As organizations expand their digital ecosystems, stronger lifecycle controls may shape the next generation of secure collaboration.


Similar News