Klue hack results in data breach at several cybersecurity firms

A hacking group has taken credit for a breach at market intelligence provider Klue that allowed hackers to steal reams of data from the company’s corporate customers, which include some of the biggest names in cybersecurity. Vancouver-based Klue, which lets companies conduct market research by connecting their data to its systems, said on Friday that hackers had stolen data from an unspecified number of its customers during a cyberattack a week earlier. (The blog contains the “noindex” code , which tells search engines to not list the page in search results.) Cybercrime group Icarus took credit for the breach, saying on its leak site that it will publish the stolen data on Monday if the company does not pay the hackers’ ransom. Klue has not said how many of its hundreds of customers are affected. Several companies have come forward to confirm they had data stolen during the attack, including Gong , Jamf , HackerOne , Insurity , OneTrust , Recorded Future , Snyk , Sprout Social , and Tanium . This is the latest of a slew of broad-scale hacks in which hackers target companies that hold the keys to other companies’ cloud databases. By breaching firms like Klue, hackers are betting that compromising a single point-of-failure will let them steal data from a large number of organizations at once. Over the past year alone, hackers have increasingly targeted similar middleware providers, including Gainsight and Salesloft , to gain access to hundreds of companies’ data. …