Source: VICE
Summary
Klue, a market research company, suffered a data breach after hackers exploited a credential that had been used in a limited pilot program. The credential was not revoked after the pilot, allowing the hackers to access a system holding keys for customers’ data. The breach was discovered in February 2023.
Our Reading
The launch follows a familiar script.
Klue’s breach is just another example of a company leaving the door open for hackers. A credential from a limited pilot program was not revoked, and hackers used it to access customer data. This is not a sophisticated attack, just basic security hygiene. The fact that it happened in 2023 is not surprising. Klue joins the long list of companies that have learned the hard way that “pilot” does not mean “secure”. The real question is, how many other companies are making the same mistake?
Author: Evan Null
