Hacked Klue says criminals are deleting stolen customer data, but now other hackers are making threats


Market research provider Klue, which was hacked earlier this month in a breach that allowed cybercriminals to steal reams of data belonging to several of its customers, said that it is communicating with the hackers. The company also said it believes the group is deleting the stolen data, TechCrunch has learned.

“We continue to communicate with the threat actor we have been in contact with (‘Icarus’),” the company wrote in an update shared privately on Thursday night with its customers, which TechCrunch has seen. “Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”

On Monday, Klue confirmed that hackers broke into its systems on June 12 and stole an unspecified amount of data from an unspecified number of its customers. Since then, several Klue customers have confirmed they were affected by the breach, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium.

At the time, the hacking group Icarus was threatening to sell the stolen customers’ data in an attempt to extort Klue.

As of Thursday morning, when TechCrunch checked, the Icarus website appears to be down, which is also what Klue privately told its customers.

Contact Us

Do you have more information about the Klue breach? Or about the cybercrime group Icarus? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

While all this seems to point to a resolution, the hack got messier in the last couple of days. According to Klue, Icarus told the company that there is a second gang of hackers that is trying to extort its customers directly.

This unnamed gang posted a list of allegedly affected companies on its own website, which TechCrunch has seen, where they claimed to have stolen Klue’s customer data directly from Icarus. The hackers also alleged that Klue paid an “Icarus operator who is a teen living somewhere in the UK or nearby countries.” TechCrunch has obtained no independent verification that Klue paid Icarus, nor could we determine why the Icarus website is down. A Klue spokesperson did not immediately respond to a request for comment.

According to the hackers, this person made a mistake that allowed them to connect to the server where the operator was keeping the stolen Klue customer data.

“Pay the ransom or we will leak everything if you no pay us,” the cybercriminals wrote in a message on the site, where they claimed there are 195 affected Klue customers in total.

In its Thursday update to customers, Klue said: “Icarus told us that the other party has only samples of data for a subset of customers, not all of the data. Icarus has asked us to inform Klue customers to not make payment to this other party.”

Klue suggested that customers who are in contact with this second group of hackers ask for a random sample of data, as proof that the hackers really have the data they claim to have.

The company previously said that the hackers stole customers’ data by using a 2022 third-party credential that was part of a limited pilot. The hackers then used their access to Klue’s systems to steal customers’ authentication keys — known as OAuth tokens — and log into their clouds and databases. Klue has not provided more details about this stolen credential, such as who it was assigned to, or why it was not revoked in the last four years.
