[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-klues-stolen-data-got-stolen-from-the-hackers-who-stole-it":10,"sections":46},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":35,"tags":36,"sources":41,"feedback":45,"feedback_at":22,"cost_usd":45,"total_tokens":45},2281,"klues-stolen-data-got-stolen-from-the-hackers-who-stole-it","Klue's Stolen Data Got Stolen From the Hackers Who Stole It","After ransomware group Icarus stole Klue customer data, an unnamed second group stole it from Icarus and is now extorting those customers directly.","A second hacker group has stolen Klue's customer data from Icarus, the ransomware gang that originally took it, and is now running its own extortion campaign against Klue's customers.\n\nKlue, a market intelligence platform, disclosed earlier this month that the Icarus ransomware group had breached its systems, with the fallout hitting customers including LastPass, Gong, Jamf, HackerOne, and Huntress. Klue entered talks with Icarus, which claimed to be deleting the stolen files. Then a second, unnamed group emerged claiming it had accessed the server where Icarus stored the data after an Icarus member accidentally left a connection open. That group is now directly extorting Klue's affected customers and has posted an unverified claim that an Icarus operator, described as a UK-based teenager, had already been paid by Klue to delete the data.\n\nThis is what supply chain compromises look like when they go wrong a second time. Once data leaves a company's control, the company loses the ability to govern it and can only appeal to whoever holds it. Klue has reached that position: it is now relaying messages from the original attackers to its own customers, including Icarus's request that they not pay the rival group.\n\nKlue advised customers to ask the second group for random samples of their data to gauge whether the group actually holds the full dataset. That is a reasonable starting point, though a random sample proves only what an extorter chooses to show — it cannot confirm what else they may be sitting on. Readers should note that this verification method is heuristic at best: a thief with partial data can produce a convincing sample regardless of whether they have the rest.","[\"ransomware\",\"data breach\",\"supply chain\",\"extortion\"]","2026-06-26T13:27:16.000Z","2026-06-26T14:37:37.350Z","2026-06-27T15:37:44.055Z","published",null,[24,30],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"publisher-r1","publisher",1,"The article instructs customers to demand 'random data samples' from the second group, but this appears to be an error — the standard practice is to demand *proof-of-deletion* or *specific* data samples to verify authenticity, and the phrasing 'random data samples' is internally inconsistent with the verification logic described.","resolved",{"id":31,"reviewer":32,"round":33,"reason":34,"status":29},"editor-r2","editor",2,"The article says Klue advised customers to request 'specific data samples' but the source material says 'random samples of their data' — change 'specific' back to 'random' to match the source, and the open concern [publisher-r1] about the internal logic of that phrasing must be flagged or resolved before publication.","security",[37,38,39,40],"ransomware","data breach","supply chain","extortion",[42],{"name":43,"url":44},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Funnamed-hackers-steal-stolen-data-from-icarus-hackers-responsible-for-klue-supply-chain-hack-and-yes-its-as-confusing-as-it-sounds",0,{"sections":47},[48,53,57,62,67,72,77,82,87,92,97,101,106,111],{"name":49,"slug":50,"count":51,"latest_published_at":52},"AI","ai",2590,"2026-07-16T04:00:00.000Z",{"name":54,"slug":35,"count":55,"latest_published_at":56},"Security",294,"2026-07-15T19:59:48.000Z",{"name":58,"slug":59,"count":60,"latest_published_at":61},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":63,"slug":64,"count":65,"latest_published_at":66},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":68,"slug":69,"count":70,"latest_published_at":71},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":73,"slug":74,"count":75,"latest_published_at":76},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":78,"slug":79,"count":80,"latest_published_at":81},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":83,"slug":84,"count":85,"latest_published_at":86},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":88,"slug":89,"count":90,"latest_published_at":91},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":93,"slug":94,"count":95,"latest_published_at":96},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":98,"slug":99,"count":95,"latest_published_at":100},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":102,"slug":103,"count":104,"latest_published_at":105},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":107,"slug":108,"count":109,"latest_published_at":110},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":112,"slug":113,"count":114,"latest_published_at":115},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]