Key facts
- Klue confirmed hackers used a credential from a 2022 pilot program to steal customer data.
- The stolen data included OAuth tokens, which grant access to customer data stored in other clouds.
- The breach affected several cybersecurity companies and password manager maker LastPass.
- The hacking group Icarus claimed responsibility for the attack.
- Klue is reviewing its credential management and security processes.

Market research firm Klue has confirmed that a credential from a limited pilot program in 2022 was exploited by hackers earlier this month to steal significant amounts of data from its corporate clients. The breach, detected on June 12, allowed attackers to download customer data by using the compromised credential, which served as an OAuth token to access data stored in external clouds and databases.
