Technology

Hacking Company's Customer Data: What Happened and Why It Matters

Martin HollowayPublished 2w ago3 min readBased on 3 sources
Reading level
Hacking Company's Customer Data: What Happened and Why It Matters

Klue, a company that helps sales teams with competitive research, was hacked on June 12 and had customer information stolen. Now two separate problems are emerging: the original hackers are deleting what they took, but a different group of hackers is making their own threats, TechCrunch reports.

The attack succeeded because hackers found an old password or login token that was never deleted or changed. This old credential let them into Klue's systems. Once inside, they could see customer data — including information from Huntress, a security company, and several other companies that help protect computer networks. The cascade is notable: a vendor loses data, and through that vendor, so do the security firms that use it.

A hacking group called Icarus took credit for the theft and posted stolen data on June 22, according to Huntress's own investigation. But here's the unusual part: Icarus is now deleting the data. Most hackers keep stolen information to demand ransom or sell it. Deleting it voluntarily — without publicizing a payoff — breaks the usual pattern, though it's possible money changed hands quietly.

The new wrinkle: a different group of hackers has now surfaced with threats of their own. From what's been reported so far, it's unclear whether they have the same data or just part of it. This creates a problem: a breach followed by scavengers looking to exploit it extends the damage far beyond the original attack.

The core issue is an old password that was never cleaned up. In large organizations, this happens more often than you'd think. Old logins from integrations pile up over years, and removing them all costs time and money. Companies that work with many other businesses — like Klue does — are tempting targets because one old password can unlock customer data from dozens of downstream organizations.

The security companies affected face a particular headache. The data stolen from them isn't obviously valuable to criminals in the way that credit card numbers are — it's things like how they detect attacks, which tools they use, how they're organized. But that kind of information has real intelligence value to the right parties. Whether the second group of hackers is after money, espionage, or just disruption, these security firms now have to notify their own customers while managing their own exposure.

Huntress published a detailed timeline of what happened publicly, which is the kind of honest incident handling the security industry says it values but rarely does. Other affected companies can use Huntress's example as they work through their own notification obligations.

The breach is still active. As of June 25, 2026, a second threat group is making threats, and no one has publicly confirmed the full scope of what was stolen before any deletion began. If you're a Klue customer — especially if you work in security — you should assume your data has been seen by at least two separate hacker groups, no matter what they do with it next.