Cyber Incident Victim: HackerOne

On June 12, 2026, attackers gained access to the Klue platform by exploiting a legacy credential tied to an integration tool that connects client cloud data with Klue accounts. The intrusion was later claimed by the cybercriminal group Icarus, which posted a statement threatening to release the stolen data publicly by the following Monday unless a ransom was paid. In response, Klue enlisted the cybersecurity firm CrowdStrike to investigate the breach and contain the incident, while also disabling all external integrations to prevent further unauthorized access. The company has not disclosed whether it intends to meet the ransom demand.

Among the victims of the data theft, HackerOne confirmed that its information was included in the compromised dataset, joining other cybersecurity and software firms such as Snyk, Recorded Future, Jamf, OneTrust, Tanium, and Gong. The stolen data primarily consists of business contact details, including full names, email addresses, phone numbers, job titles, and some account information associated with the affected organizations. Experts cited in the reporting note that this type of data could be used as a foundation for more sophisticated phishing campaigns targeting employees of the compromised companies. Klue has not yet released a precise count of how many of its hundreds of clients were impacted by the breach.

The incident reflects a broader trend in which threat actors focus on intermediary platforms that aggregate data for many organizations, seeking to maximize the payoff from a single compromise. Similar patterns have been observed in recent attacks on services such as Snowflake and Tanstack, where attackers exploited central repositories to gain access to multiple client environments. As of the latest available reporting, no further details have been provided regarding the status of the ransom negotiation or any potential data leak by the Icarus group.