logo

Klue says hackers stole credential from 2022 that led to customer data breaches

ID: f6b8835c-0b5e-5d85-abf3-9b220487c44c

STIX ID: report--f6b8835c-0b5e-5d85-abf3-9b220487c44c

Feed Name: TechCrunch Security News

Threat Score
75/100

Date Published: 2026-06-23

Date Updated: 2026-06-24

Author: Zack Whittaker

...
...

Klue disclosed a June breach in which attackers used a legacy credential, originally issued for a limited 2022 pilot, to access stored OAuth tokens and steal data from multiple Klue customers — including LastPass and several cybersecurity companies. The group Icarus has claimed responsibility and is threatening to publish stolen data unless ransoms are paid; Klue is investigating credential management, vendor access, and monitoring gaps while questions remain about why the credential was not revoked.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.