[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-klue-breach-traced-to-four-year-old-unrevoked-credential":10,"sections":45},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":34,"persona_id":22,"persona_name":22,"section":35,"tags":36,"sources":40,"feedback":44,"feedback_at":22,"cost_usd":44,"total_tokens":44},2024,"klue-breach-traced-to-four-year-old-unrevoked-credential","Klue Breach Traced to Four-Year-Old Unrevoked Credential","Hackers used a leftover 2022 credential to access a system holding keys for accessing Klue customers' data, raising questions about credential hygiene.","A credential left active since a 2022 pilot program became the entry point for a breach that exposed Klue customer data.\n\nKlue confirmed that attackers obtained a credential dating back to 2022 — apparently never revoked after a limited pilot concluded — and used it to access a system holding keys for accessing customers' data. The company has not disclosed which customers were affected, how many records were involved, or when the intrusion was detected. No CVE identifier, affected product versions, hardware scope, or patch guidance has been made public as of this writing.\n\nThe detail that should worry Klue's customers isn't the breach itself — it's the timeline. A four-year-old credential sitting active in a production-adjacent system suggests an access review process that either didn't exist or wasn't enforced. That's not a sophisticated attack; that's a housekeeping failure with serious consequences.\n\nCredential sprawl after pilots, acquisitions, and staff turnover is one of the most common and least glamorous sources of enterprise breaches. Klue isn't alone in this failure mode, but the gap between 2022 and 2026 is hard to explain away.","[\"security\",\"data-breach\",\"credentials\",\"klue\"]","2026-06-23T19:43:56.000Z","2026-06-23T20:44:54.149Z","2026-06-23T20:45:02.470Z","published",null,[24,30],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Reject: security article is missing CVE identifier, affected product versions or hardware scope, and patch or mitigation status — none of these prerequisite facts appear in the body or source material, but the article should at minimum note their absence and include whatever patch\u002Fmitigation status Klue has communicated.","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"The article now explicitly notes the absence of CVE identifier, affected product versions, hardware scope, and patch guidance, satisfying the prerequisite disclosure requirement — but the dek states the credential gave access to 'a system storing keys to Klue customer data' while the source says it was 'a system holding keys for accessing customers' data'; verify the characterization is accurate and not an overstatement before publishing.","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fklue-breach-traced-to-four-year-old-unrevoked-credential.webp","security",[35,37,38,39],"data-breach","credentials","klue",[41],{"name":42,"url":43},"TechCrunch","https:\u002F\u002Ftechcrunch.com\u002F2026\u002F06\u002F23\u002Fklue-says-hackers-stole-credential-from-2022-that-led-to-customer-data-breaches\u002F",0,{"sections":46},[47,52,57,59,64,69,74,79,84,89,94,99,104,109],{"name":48,"slug":49,"count":50,"latest_published_at":51},"AI","ai",505,"2026-06-23T20:10:33.000Z",{"name":53,"slug":54,"count":55,"latest_published_at":56},"Deals","deals",143,"2026-06-23T21:34:29.000Z",{"name":58,"slug":35,"count":55,"latest_published_at":18},"Security",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Policy","policy",101,"2026-06-23T19:11:04.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Consumer Tech","consumer-tech",84,"2026-06-23T21:34:53.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Hardware","hardware",71,"2026-06-23T16:50:03.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":78},"Software","software",63,"2026-06-23T11:16:34.000Z",{"name":80,"slug":81,"count":82,"latest_published_at":83},"Dev Tools","dev-tools",53,"2026-06-23T18:13:40.000Z",{"name":85,"slug":86,"count":87,"latest_published_at":88},"Science","science",39,"2026-06-23T05:25:16.000Z",{"name":90,"slug":91,"count":92,"latest_published_at":93},"Gaming","gaming",32,"2026-06-22T17:00:00.000Z",{"name":95,"slug":96,"count":97,"latest_published_at":98},"General","general",26,"2026-06-13T18:35:15.000Z",{"name":100,"slug":101,"count":102,"latest_published_at":103},"Startups","startups",24,"2026-06-23T17:25:54.000Z",{"name":105,"slug":106,"count":107,"latest_published_at":108},"Reviews","reviews",19,"2026-06-14T08:00:00.000Z",{"name":110,"slug":111,"count":112,"latest_published_at":113},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]