Klue says hackers stole credential from 2022 that led to customer data breaches
ID: f6b8835c-0b5e-5d85-abf3-9b220487c44c
STIX ID: report--f6b8835c-0b5e-5d85-abf3-9b220487c44c
Feed Name: TechCrunch Security News
Klue disclosed a June breach in which attackers used a legacy credential, originally issued for a limited 2022 pilot, to access stored OAuth tokens and steal data from multiple Klue customers — including LastPass and several cybersecurity companies. The group Icarus has claimed responsibility and is threatening to publish stolen data unless ransoms are paid; Klue is investigating credential management, vendor access, and monitoring gaps while questions remain about why the credential was not revoked.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
