Klue breach traced to stolen 2022 credential from pilot program
Original: Klue says hackers stole credential from 2022 that led to customer data breaches
Why This Matters
The breach highlights inadequate credential lifecycle management practices and raises concerns about how vendor-provided access credentials pose lasting security risks.
Market research firm Klue confirmed hackers used a credential from a 2022 pilot program to breach customer data in June 2026, affecting companies including LastPass and multiple cybersecurity firms.
Vancouver-based Klue disclosed that a credential dating back to 2022, originally provided to a third party for a limited pilot program, was used by hackers in early June 2026 to steal customer data. The company detected the breach on June 12 and publicly disclosed it on June 16. Klue spokesperson Katie Berg confirmed the credential was from the pilot but declined to specify the pilot's purpose, its duration, or the third party's identity, and declined to explain why the credential was never revoked after the pilot ended.
The hackers exploited access to Klue's systems to obtain OAuth tokens, which provided access to customer data stored in external cloud systems and databases. Affected customers included password manager LastPass and several other cybersecurity companies. The hacking group Icarus claimed responsibility for the breach and publicly threatened to release the stolen data unless a ransom was paid.
Klue stated it is conducting a comprehensive review of credential management, vendor access controls, monitoring capabilities, and deployment security processes, but provided no additional details. The company has not disclosed the type of credential compromised, whether it was an employee credential or stolen from the third party, or whether it has contacted the attackers.