Is your establishment protected against today's ever-evolving wave of cybercrime? A recent story has surfaced where hackers hacked hackers, not as a form of vigilantism but for profit. Learn more about it here.
Are You a Klue User?
Klue is a competitive enablement platform designed to help businesses with market intelligence. Many rely on this tool to gather insights on sales trends, rival strategies, and customer behavior, all in one place.
Unfortunately, the company recently suffered a significant data breach. The cyber extortion group Icarus gained access to Klue by using a legacy credential, an old login meant for an abandoned pilot project from 2022 that was never turned off. Once inside, the attackers inserted malicious code designed to find and steal OAuth tokens. These digital "master keys" allowed the group to steal sensitive information (mostly Salesforce customer data) from various customer relationship management (CRM) platforms.
When a Threat Actor Group Targets Other Cybercriminals
Before Icarus could make demands, another unnamed hacking group breached their private servers and downloaded the entire dataset of stolen information. This allowed the second group to launch their own extortion campaign against affected victims.
Non-Klue users aren't in the clear just yet. If your business uses any of the following tools or platforms that rely on Klue's insights, you may also be affected:
- Gong
- Jamf
- HackerOne
- Huntress
- Insurity
- LastPass
- OneTrust
- Recorded Future
- Snyk
- Sprout Social
- Tanium
How Can Your Business Stay Ahead of Hackers?
In today's hostile landscape where hackers hack hackers just to access your sensitive data, why wait for an incident to happen? Err on the side of caution and take the proactive route with these steps.
Audit Vendor Policies
It's always good practice to continuously inventory all third-party app connections. Your organization's attack surface includes not just your internal systems, but every vendor you authorize to access your data.
Disable, delete, or "deprovision" any integrations or ownerless accounts tied to abandoned projects or legacy pilots.
Control System Logs
Since hackers often rely on rapid, automated scripts to download massive amounts of data in a short time, some preventive measures you can take include:
- Enforcing strict quotas on data transfers per user session
- Deploying adaptive throttling to slow down suspicious traffic spikes
- Installing Web Application Firewalls (WAFs) to block known scraping bots
- Integrating CAPTCHA mechanisms for high-value data endpoints
- Requiring multi-factor authentication (MFA) for all data-export functions
- Setting automated alerts for unusual data exfiltration volumes
Tighten Integration Privileges
When you connect a third-party app to core platforms like Salesforce or HubSpot, the app uses OAuth tokens to access your data. That's why you should avoid granting broad, global administrative privileges when possible. An application should have access only to the exact data it needs to function, and nothing more.
Stay Alert, Stay Protected
The recent Klue supply chain attack should serve as a wake-up call for businesses. When hackers hack other hackers to steal customer data, it signifies a growing number of cybercrime groups operating like professional organizations.
Always question unusual activity and implement layered security measures for third-party services.

