Market research company Klue has confirmed that a credential dating back to 2022, which was part of a limited pilot, was used by hackers earlier this month to steal reams of data from its corporate customers, including several cybersecurity companies.
The new detail suggests that Klue may have had years to decommission the credential that was used for the pilot, raising questions about the company’s security posture and what actions it could have taken to prevent the breaches of its customers’ data.
