Klue says hackers stole credential from 2022 that led to customer data breaches

Klue says attackers stole a credential from a 2022 limited pilot and used it to breach a system containing keys for accessing customer data. The company has not explained why the credential remained active after the pilot ended.

The incident highlights how forgotten or unrevoked access can become a long-lived security liability. It reinforces the need for stricter credential lifecycle management, especially for systems that can unlock downstream customer data.