Technology

What You Need to Know About the Klue Hack That Hit Major Tech Companies

Martin HollowayPublished 2w ago3 min readBased on 5 sources
Reading level
What You Need to Know About the Klue Hack That Hit Major Tech Companies

A company called Klue, which helps businesses track competitors, was hacked in a way that exposed customer data at seven major cybersecurity firms. Those companies include HackerOne, Huntress, and several others, according to reports from June 2026.

Klue's main product is called Battlecards. It connects to companies' sales systems (specifically Salesforce) to pull in information about deals, competitors, and sales contacts. Hackers took over someone's login credentials to Battlecards, and used that to break into customer sales systems. A hacker group calling itself Icarus has claimed responsibility.

How the Attack Worked

Klue is one of many outside software programs that big companies let into their internal systems. Most companies watch their main security tools pretty carefully, but they pay less attention to tools in areas like sales and marketing. That's where Klue fits.

Battlecards connects to Salesforce using a system called OAuth. Think of OAuth as a secure handshake between two programs: instead of giving Battlecards your actual password, Salesforce gives it specific permission to read certain information—like a key card that opens only certain doors. Once hackers got hold of that key card, they could walk through those doors and take whatever data they wanted.

Salesforce systems at big companies typically contain a lot of valuable information: customer lists, upcoming deals, financial targets, internal notes. All of that was now at risk.

Two of the affected companies—Huntress and HackerOne—confirmed their customer data was exposed and made public statements about it on June 18 and 19 respectively.

Why This Matters

The companies hit by this hack are not random. HackerOne runs a service that many Fortune 500 companies use to report security problems. Recorded Future sells information about computer threats to major corporations. The other companies hit—Snyk, Tanium, and Jamf—are woven into how enterprises handle security every day. When something happens to these companies, it affects a lot of other organizations downstream.

All of these companies used Klue because they had a real reason to: they wanted to know what their competitors were doing. That's a normal business activity. But most companies don't vet outside sales software the same way they vet outside security software. This incident shows what can happen when that difference in attention causes problems.

More companies may announce they were affected over the coming weeks. When this type of hack happens—where someone gains access through a third-party connection—additional victims usually come to light over time as companies review their internal logs and send out notifications.

What Happens Next

The hacker group Icarus claimed the attack publicly, which is typical for groups trying to get attention or reputation. Attribution claims like this should be treated with skepticism unless there's solid technical proof—but they do matter for how affected companies decide how to respond.

OAuth app abuse of this kind isn't new. But seeing it used against a vendor that connects to multiple security companies at once shows that the web of outside software running through companies is a real security problem. To reduce damage when something like this happens, companies need to regularly check what permissions they've given to outside apps, limit those permissions as much as possible, and keep watching to see if anything unusual happens.

Over the next few weeks, you'll likely see more companies announce they were also hit.