Cyber Incident Victim: Gong
Date:
Jun 2026
Location:
United States of America
Summary
Klue, a marketing intelligence platform, was breached by the Icarus cybercriminal group which accessed the system through a legacy credential linked to an integration tool and stole client data such as names, email addresses, phone numbers, job titles and account details; the group threatened to publish the information unless a ransom was paid. Among the affected clients were several cybersecurity firms including Gong, HackerOne, Snyk, Recorded Future, Jamf, OneTrust and Tanium. Klue has enlisted CrowdStrike to investigate, has disabled external integrations and has not disclosed whether it will meet the ransom demand.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 12, 2026, attackers gained access to the Klue platform by exploiting a legacy credential tied to an integration tool that links clients' cloud data with Klue accounts. The intrusion allowed the threat actors to reach internal databases, including Salesforce, and exfiltrate confidential information. The Icarus cybercriminal group subsequently claimed responsibility for the breach and posted a warning on their site that the stolen data would be released publicly by the following Monday unless a ransom was paid. Klue confirmed that the attack affected multiple clients, naming several prominent organizations among the victims, including Gong, HackerOne, Snyk, Recorded Future, Jamf, OneTrust, and Tanium. The company has not disclosed the exact number of its hundreds of customers whose data was compromised. In response, Klue engaged the cybersecurity firm CrowdStrike to conduct an investigation and to help mitigate the ongoing impact. As a precautionary measure, all external integrations with the Klue platform were temporarily disabled to prevent further unauthorized access.
The compromised data primarily consists of business contact details such as full names, email addresses, phone numbers, job titles, and some account information. Experts quoted in the reporting noted that this type of information could enable more sophisticated phishing campaigns against the affected individuals and their organizations. Gong, as one of the listed victims, therefore had its client contact information exposed in the same manner as the other named companies. The incident fits a broader pattern of attacks targeting intermediary platforms that aggregate data for many enterprises, similar to recent breaches involving services like Gainsight, Salesloft, Snowflake, and Tanstack. Klue has stated that it is working with CrowdStrike to assess the full scope of the leak and to determine any further steps, but has not yet announced whether it will comply with the ransom demand. No official statement has been made regarding payment of the ransom or the exact timeline for restoring normal service operations.