Hacked Klue says criminals are deleting stolen customer data, but now other hackers are making threats

Market research provider Klue, which was hacked earlier this month in a breach that allowed cybercriminals to steal reams of data belonging to several of its customers, said that it is communicating with the hackers. The company also said it believes the group is deleting the stolen data, TechCrunch has learned.

“We continue to communicate with the threat actor we have been in contact with (‘Icarus’),” the company wrote in an update shared privately on Wednesday night with its customers, which TechCrunch has seen and verified with multiple sources. “Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”

On Monday, Klue confirmed that hackers broke into its systems on June 12 and stole an unspecified amount of data from an unspecified number of its customers. Since then, several Klue customers have confirmed they were affected by the breach, including Gong, Jamf, HackerOne, Huntress, Insurity, LastPass, OneTrust, Recorded Future, ReliaQuest, Snyk, Sprout Social, and Tanium.

At the time, the hacking group Icarus was threatening to release the stolen customer data in an attempt to extort Klue. As of Thursday morning, when TechCrunch checked, the Icarus website appeared to be down, which is also what Klue privately told its customers.

While all this seems to point to a resolution, the hack got messier over the last couple of days. According to Klue, Icarus told the company that a second gang of hackers is trying to extort its customers directly. This unnamed gang posted a list of allegedly affected companies on its own website, which TechCrunch has seen, where it claimed to have stolen Klue’s customer data directly from Icarus.

The hackers also alleged that Klue paid an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries.” TechCrunch has obtained no independent verification that Klue paid Icarus, nor could we determine why the Icarus website is down. A Klue spokesperson did not immediately respond to a request for comment.

According to the hackers, this person made a mistake that allowed them to connect to the server where the operator was keeping Klue’s stolen customer data. “Pay the ransom or we will leak everything if you no pay us,” the cybercriminals wrote in a message on the site, where they claimed there are 195 affected Klue customers in total.

In its Thursday update to customers, Klue said: “Icarus told us that the other party has only samples of data for a subset of customers, not all of the data. Icarus has asked us to inform Klue customers to not make payment to this other party.” Klue suggested that customers who are in touch with this second group of hackers ask for a random sample of data, as proof that the hackers really possess the data they claim to have.

The company previously said that the hackers stole customers’ data by using a third-party credential issued in 2022 as part of a limited pilot. The hackers then used their access to Klue’s systems to steal customers’ authentication keys, known as OAuth tokens, and log into their cloud environments and databases. Klue has not provided more details about this stolen credential, such as who it was assigned to, or why it was not revoked in the last four years.