Security/ security · data-breach · extortion · klue

Klue Breach Gets a Second Act as New Hackers Claim the Data

The market intelligence firm says the original attackers are deleting stolen data, but a fresh group has emerged demanding payment.

Klue's breach just got more complicated: a second hacking group is now threatening to release data the first group supposedly agreed to destroy.

Klue, a market intelligence platform, was breached earlier this month, exposing customer data from LastPass, HackerOne, and roughly a dozen other companies. The original attackers have reportedly begun cooperating with Klue and deleting the stolen data — an outcome that sounds reassuring until you realize that a second, unnamed group has surfaced claiming to hold the same information and is now attempting extortion. Klue disclosed both developments publicly on June 25.

This is the double-jeopardy problem with data breaches that companies rarely advertise: deleting data from one bad actor means nothing if copies already circulated. The breach's downstream victims — LastPass and HackerOne customers whose data passed through Klue — have no way to verify what's been deleted, and now they're negotiating with a threat they didn't know existed a week ago.

The situation is a useful reminder that breach containment theater — "the hackers agreed to delete it" — offers cold comfort when the data's provenance can't be controlled after the fact.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →