
Klue Hack Escalates: Original Hackers Claim Data Deletion Amidst New Extortion Threat

Market research firm Klue is navigating a complex cybersecurity crisis after a breach earlier this month saw customer data stolen. The company has revealed it is in communication with the hacking group, identified as ‘Icarus,’ which has reportedly claimed to be deleting the compromised data. This development comes as a secondary, unnamed hacking group has emerged, threatening to leak the stolen information and directly extorting Klue’s customers.

In an update shared with its clients, Klue stated that Icarus indicated it was taking steps to erase the data pilfered from Klue’s customers. Concurrently, the Icarus website, which had previously been used to threaten data release, appears to be offline. This situation, while seemingly pointing towards a potential resolution with the initial attackers, has been complicated by the emergence of the new threat actor.

The second group has posted a list of allegedly affected companies on their own platform, claiming to have obtained the stolen Klue customer data directly from Icarus. This new gang is demanding ransom payments from Klue’s customers, threatening to release all data if their demands are not met. Klue has advised its customers not to engage with this second group, noting that they likely only possess a subset of the stolen data, not the entirety.

The initial breach, confirmed on June 12, involved the theft of customer data through the exploitation of a third-party credential from a limited pilot program in 2022. The attackers subsequently gained access to Klue’s systems, stealing OAuth tokens that allowed them to access customer cloud environments and databases. Klue has not yet disclosed further details regarding the compromised credential or why it remained active.
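The open question in the paragraph above, why a credential from a 2022 pilot program was still valid years later, is the kind of thing a periodic inventory audit should catch before an attacker does. The following is an added example written for this article, not code from Klue or from any report on the incident; the inventory format, the field names and the sample records are constructed assumptions. It walks a list of third-party credentials and flags any that belong to a program that has already ended, that exceed a maximum lifetime, or that have sat unused for too long, producing a revocation worklist.

```python
"""Stale third-party credential audit (added example; the inventory
schema, policy thresholds and sample records are assumptions)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Credential:
    id: str                      # inventory identifier (constructed)
    owner: str                   # third party the credential was issued to
    program: str                 # integration or pilot it was issued for
    issued: date                 # date the credential was created
    last_used: Optional[date]    # None if it has never been seen in use
    program_ended: Optional[date]  # None while the program is still running


# Policy thresholds (assumed values, tune to the organisation's own standard)
MAX_LIFETIME = timedelta(days=365)   # rotate or retire after one year
MAX_IDLE = timedelta(days=90)        # revoke if unused for a quarter


def audit(creds: List[Credential], today: date) -> List[Tuple[str, List[str]]]:
    """Return (credential id, reasons) for every credential that should be
    revoked. A credential with no findings is omitted from the result."""
    findings = []
    for c in creds:
        reasons = []
        # A credential outliving the program it was issued for is the
        # pattern described in the article: nobody owns it, so nobody revokes it.
        if c.program_ended is not None and c.program_ended < today:
            reasons.append(f"program '{c.program}' ended on {c.program_ended}")
        age = today - c.issued
        if age > MAX_LIFETIME:
            reasons.append(f"issued {age.days} days ago, exceeds max lifetime")
        # Never-used credentials count as idle since issuance.
        idle_since = c.last_used or c.issued
        if today - idle_since > MAX_IDLE:
            reasons.append(f"unused since {idle_since}")
        if reasons:
            findings.append((c.id, reasons))
    return findings


# Constructed sample inventory: one leftover pilot credential, one healthy
# production integration, one recently issued credential that was never used.
SAMPLE_INVENTORY = [
    Credential("cred-pilot-2022", "vendor-a", "2022 pilot",
               date(2022, 3, 1), date(2022, 9, 15), date(2022, 12, 31)),
    Credential("cred-prod-2024", "vendor-b", "prod integration",
               date(2024, 11, 5), date(2025, 6, 10), None),
    Credential("cred-new-idle", "vendor-c", "onboarding",
               date(2025, 1, 10), None, None),
]
AUDIT_DATE = date(2025, 6, 20)  # constructed audit date


if __name__ == "__main__":
    for cred_id, reasons in audit(SAMPLE_INVENTORY, AUDIT_DATE):
        print(f"REVOKE {cred_id}:")
        for r in reasons:
            print(f"  - {r}")
```

Run as a script it prints a revocation worklist; imported, `audit()` can feed a ticketing or secrets-management workflow. The check is deliberately conservative: a credential is flagged on any one of the three conditions, because the cost of a false positive (re-issuing a still-needed credential) is far lower than the cost of the scenario in the article.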

Key Takeaways

  • Klue is in communication with the initial hacking group, Icarus, who claims to be deleting stolen customer data.
  • A second, unnamed hacking group has emerged, threatening to leak the data and extorting Klue's customers directly.
  • The initial breach involved the theft of customer data and OAuth tokens via a compromised third-party credential.

Editor’s Analysis & Impact

This escalating situation highlights the volatile nature of cybersecurity incidents and the complex threat landscape faced by businesses. The emergence of a secondary hacking group after the primary attacker claims to be de-escalating suggests a potential internal conflict or opportunistic exploitation within the cybercriminal ecosystem. For Klue and its customers, this means navigating not only the aftermath of a data breach but also the immediate threat of data leakage and direct extortion. Companies affected will need robust incident response plans, clear communication strategies, and potentially enhanced security measures to mitigate further damage and rebuild trust.

Frequently Asked Questions

Q: What happened during the Klue data breach?
A: Cybercriminals gained access to Klue's systems on June 12, stealing customer data by exploiting a third-party credential from a 2022 pilot program. They also stole OAuth tokens, allowing access to customer cloud environments and databases.

Q: What is the significance of the second hacking group?
A: The second group claims to have obtained the stolen data from the original attackers (Icarus) and is now directly extorting Klue's customers, threatening to leak the data if ransoms are not paid. Klue advises customers not to pay this second group.

Q: What is Klue doing to address the situation?
A: Klue is communicating with the initial hacking group, Icarus, which claims to be deleting the stolen data. The company has also informed its customers about the second group and advised them on how to respond: ask the group for data samples as proof of possession, and do not pay the ransom.

AI Disclosure: This article is based on verified data and official reports. Our Team and AI have cross-referenced every financial detail with primary sources to ensure total accuracy.