Klue Hack Has A Bunch Of Companies Caught In The Blast Radius
Here’s something that you should pay attention to. Market intelligence platform Klue suffered an OAuth breach. That is bad enough on its own, but the company’s own blog post shows it is much worse:
On June 12, we identified unauthorized activity affecting a portion of Klue’s integration infrastructure. Since then, we’ve been working alongside trusted cybersecurity experts to understand what happened, support our customers, and restore the connections you rely on. Our investigation determined that an attacker gained access through a compromised legacy credential associated with an integration service. The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments. Based on our investigation to date, the incident was limited to the affected third-party platforms, and there is no evidence that customer content stored within the Klue platform was impacted. We recognize that customers rely on Klue to securely connect to their systems, and we understand the seriousness of that responsibility.
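The chain Klue describes above is a legacy credential on an integration service, then the OAuth tokens that service held, then data pulled out of the customer tenants those tokens were connected to. The check a practitioner wants on the customer side is a triage of connected-app token activity against what the integration is documented to do. The following is an added example and not code from Klue, Salesforce or the original post; the pipe-delimited log format, the `Baseline` fields, the app names and the egress ranges are all constructed for illustration, and you would map them onto your platform’s API or login event export.

```python
"""Triage connected-app OAuth token activity after a vendor compromise.

Added example, not code from Klue, Salesforce or the original post. The
log format, baselines and sample records below are constructed; map the
fields onto whatever your platform's API/login event export provides.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Baseline:
    """What a connected app is documented to do (constructed values)."""
    source_networks: tuple        # egress CIDRs the vendor gave you
    allowed_objects: frozenset    # objects the integration legitimately touches
    max_rows_per_hour: int        # ceiling on rows it should ever pull


# Constructed baselines for two hypothetical connected apps. Real values
# come from the vendor's integration docs and your own historic usage.
BASELINES = {
    "klue-integration": Baseline(("203.0.113.0/24",), frozenset({"Account", "Contact"}), 2000),
    "ci-runner": Baseline(("192.0.2.0/24",), frozenset({"Case"}), 500),
}

# Constructed API-event export, one record per call:
# timestamp|connected_app|token_id|source_ip|object|rows_returned
SAMPLE_LOG = """\
2026-06-12T03:14:00+00:00|klue-integration|tok-A|203.0.113.10|Account|400
2026-06-12T03:20:00+00:00|klue-integration|tok-A|203.0.113.10|Contact|300
2026-06-12T04:02:00+00:00|klue-integration|tok-B|198.51.100.7|Account|1500
2026-06-12T04:05:00+00:00|klue-integration|tok-B|198.51.100.7|Opportunity|9000
2026-06-12T04:09:00+00:00|klue-integration|tok-B|198.51.100.7|User|200
2026-06-12T05:00:00+00:00|ci-runner|tok-C|192.0.2.44|Case|120
"""


def parse_events(text):
    """Parse the constructed export into dicts with typed fields."""
    events = []
    for line in text.strip().splitlines():
        ts, app, token, ip, obj, rows = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "app": app, "token": token,
            "ip": ip_address(ip), "object": obj, "rows": int(rows),
        })
    return events


def find_anomalies(events, baselines):
    """Return (token_id, app, reason) tuples for activity outside baseline.

    Three signals, each of which on its own should trigger a look at the
    token: egress from an IP the vendor never documented, access to an
    object outside the integration's scope, and a per-token hourly row
    count above the documented ceiling (bulk exfiltration looks like this).
    """
    findings = []
    hourly = defaultdict(int)
    for e in events:
        base = baselines.get(e["app"])
        if base is None:
            findings.append((e["token"], e["app"], "unknown connected app"))
            continue
        if not any(e["ip"] in ip_network(n) for n in base.source_networks):
            findings.append((e["token"], e["app"], f"source {e['ip']} outside documented egress"))
        if e["object"] not in base.allowed_objects:
            findings.append((e["token"], e["app"], f"touched {e['object']} outside integration scope"))
        hour = e["ts"].replace(minute=0, second=0, microsecond=0)
        hourly[(e["token"], e["app"], hour)] += e["rows"]
    for (token, app, hour), rows in hourly.items():
        limit = baselines[app].max_rows_per_hour
        if rows > limit:
            findings.append((token, app, f"{rows} rows in hour {hour.isoformat()} exceeds {limit}"))
    return findings


def tokens_to_revoke(findings):
    """Distinct token ids with at least one finding; revoke these first."""
    return sorted({token for token, _, _ in findings})


if __name__ == "__main__":
    findings = find_anomalies(parse_events(SAMPLE_LOG), BASELINES)
    for f in findings:
        print(f)
    print("revoke:", tokens_to_revoke(findings))
```

The point of scoping the revocation to tokens with findings rather than the whole app is that a vendor compromise usually rides on a subset of the tokens the vendor holds; revoking everything is the safe fallback, but the per-token view tells you which tenants actually had data pulled and therefore who needs a breach notification. Any object the integration touched outside its documented scope (here `Opportunity` and `User`) is also your first lead on what data left.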
Since then, several companies have come forward to confirm they had data stolen during the attack, including Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium. The growing list of cybersecurity firms disclosing impact from this hack is a striking data point: these are organizations that build security for a living, ran standard vendor assessments, and still got caught in the blast radius. That’s not a failure to do due diligence. It’s a failure of that due diligence to actually measure anything.
Justin Beals, CEO and Founder of Strike Graph, an AI-native GRC and compliance automation platform, had this to say:
“Cybersecurity vendors getting breached through a shared SaaS dependency is the clearest possible signal that the questionnaire model of third-party risk is broken. These are companies that build security for a living. They did their due diligence. It didn’t matter, because due diligence in TPRM today is still mostly measuring what vendors say about themselves, not what their controls actually do. Traditional TPRM tools have true positive detection rates below 30%. That’s not a risk management program. That’s a paper trail. The Klue incident is going to keep expanding because the underlying failure, trusting attestations over verified evidence, is industry-wide. Until organizations move from point-in-time assessments to continuous, evidence-validated controls across their vendor ecosystem, the blast radius of the next shared dependency breach is going to be just as wide.”
Seeing as you are only as secure as the companies you connect to, you have to put real time and effort into verifying their security rather than just asking about it. Otherwise this becomes the norm rather than the exception.
This entry was posted on June 22, 2026 at 11:48 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.