Fall 2024
Posted on 12/9/2023
AI-driven competitive intelligence platform with insights
No salary listed
Vancouver, BC, Canada
All interviews will be conducted via video calls. The company works in a hybrid model of WFH (remote) and in-office.
All interviews will be conducted via video calls. The company works in a hybrid model of WFH (remote) and in-office.
All interviews will be conducted via video calls. The company works in a hybrid model of WFH (remote) and in-office.
People at Klue who can refer or advise you
Klue provides a platform that collects data from millions of sources to give businesses insights into their competitors, markets, and buyers. The software uses artificial intelligence to filter this data into a central hub where teams can access real-time tools like "battlecards" and newsletters to help sales representatives win deals. Unlike traditional research methods, Klue focuses on "competitive enablement" by connecting intelligence directly to sales results and providing tools to measure how these insights impact a company's total revenue. The company’s goal is to provide a comprehensive view of the competitive landscape so businesses can make informed strategic decisions and increase their win rates.
Company Size
201-500
Company Stage
Grant
Total Funding
$89.5M
Headquarters
Vancouver, Canada
Founded
2015
People at Klue who can refer or advise you
Help us improve and share your feedback! Did you find this helpful?
Competitive base compensation
Extended health & dental benefits
Unlimited vacation
Employee Stock Option Plan
Pension fund
Yearly fully-paid trips to Vancouver headquarters
Free access to an online learning tool offering many engineering courses
Security advisory: third-party security incident involving Klue. Information regarding a third-party Klue security incident involving Catchpoint's Salesforce environment, including scope, data involved, and response measures. June 26, 2026 LogicMonitor Security Team Get the latest blogs, whitepapers, eGuides, and more straight into your inbox. This site is protected by reCAPTCHA. What happened? Klue recently disclosed a security incident involving its platform, a third-party competitive intelligence solution that was integrated with Catchpoint's Salesforce environment. According to Klue, attackers compromised its integration infrastructure and used stolen OAuth credentials to gain unauthorized access to data available through connected Salesforce integrations. Upon learning of the incident, LogicMonitor immediately activated its incident response procedures and began working with Klue, Salesforce, and other relevant parties to investigate the matter. Its investigation has confirmed that unauthorized access to the Catchpoint Salesforce environment occurred. The Klue integration has since been removed, the unauthorized access has been contained, and its investigation into the full scope of the incident remains ongoing. The incident was limited to the Catchpoint Salesforce environment. LogicMonitor's primary Salesforce environment was not impacted. What information was involved? While the investigation is ongoing, at this time the data accessed appears to be limited to business relationship and sales activity data stored in Catchpoint's Salesforce environment. This includes business contact information, such as names, business email addresses, phone numbers, account information, sales opportunities, quotes, and other CRM records. By design, LogicMonitor, including Catchpoint, maintains secure and logical separation between its CRM systems and production systems. Salesforce is used to manage customer relationships and sales activity and does not store customer monitoring data, production systems data, authentication credentials, payment information, or other operational customer data. As a result, this information was not accessible through the Klue integration. Is there any action customers need to take? At this time, no action is required. LogicMonitor is communicating directly with affected customers and working with them in accordance with applicable laws and its contractual commitments. What is LogicMonitor doing? LogicMonitor is conducting a comprehensive investigation and forensic assessment to validate the full scope and extent of customer impact. LogicMonitor is closely monitoring the situation, implementing additional security measures as appropriate, and will provide further updates as new information becomes available. By LogicMonitor Security Team Disclaimer: The views expressed on this blog are those of the author and do not necessarily reflect the views of LogicMonitor or its affiliates.
Klue hack results in data breach at several cybersecurity firms. Published by itjadmin at June 22, 2026 A hacking group has taken credit for a breach at market intelligence provider Klue that allowed hackers to steal reams of data from the company's corporate customers, which include some of the biggest names in cybersecurity. Vancouver-based Klue, which lets companies conduct market research by connecting their data to its systems, said on Friday that hackers had stolen data from an unspecified number of its customers during a cyberattack a week earlier. (The blog contains the "noindex" code, which tells search engines to not list the page in search results.) Cybercrime group Icarus took credit for the breach, saying on its leak site that it will publish the stolen data on Monday if the company does not pay the hackers' ransom. Klue has not said how many of its hundreds of customers are affected. Several companies have come forward to confirm they had data stolen during the attack, including Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Sprout Social, and Tanium. This is the latest of a slew of broad-scale hacks in which hackers target companies that hold the keys to other companies' cloud databases. By breaching firms like Klue, hackers are betting that compromising a single point-of-failure will let them steal data from a large number of organizations at once. Over the past year alone, hackers have increasingly targeted similar middleware providers, including Gainsight and Salesloft, to gain access to hundreds of companies' data. Klue said hackers had gained access to the company's systems on June 12 using a "compromised legacy credential," such as a password or a token, associated with an integration tool that allows customers to link their company's cloud data to their Klue accounts. The hackers were able to steal data from Klue's customer clouds, such as Salesforce databases. Companies often store their customers' personal information in Salesforce databases, making these a prime target. Much of the stolen data includes business contact information, like names, email addresses, phone numbers, job titles, and some account information of their customers, according to the various affected companies. It's not clear how the hackers acquired the compromised credentials, or why Klue did not detect the theft sooner. Similar recent mass-hacks involving the compromise and misuse of credentials, such as at Snowflake and Tanstack, have been linked to employees inadvertently installing password-stealing malware on the devices that they use for work. Klue said it has called in incident response firm CrowdStrike, and has disconnected its integrations to prevent further access to customers' data. When contacted by TechCrunch on Monday, Klue CEO Jason Smith did not immediately respond to a request for comment, or answer questions about the incident, including if the company has received any communication from the hackers, such as a ransom demand. Huntress, one of the security companies that had its data stolen in the hack, said in its write-up of the incident that the hackers had contacted it with a ransom note using an Australian company's email address, whose servers were likely misused for the campaign. Last June, Klue said it was preparing to lay off around half of its staff, around 100 people, as it doubled down on its AI investments. It's not clear if the reduction in staff led to lapses in security at the company. It's not clear who, beyond Smith, is responsible for cybersecurity at the company. Do you know more about the Klue cyberattack? Are you a company affected by the breach? Itjockies would love to hear from you. To contact Zack Whittaker securely, reach out via Signal username zackwhittaker.1337 or by email: [email protected]. When you purchase through links in its articles, Itjockies may earn a small commission. This doesn't affect its editorial independence.
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks. Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. Sources told BleepingComputer of the attack yesterday, telling Bulletproof Servers that numerous organizations had their Salesforce data stolen and were now being extorted by the relatively new extortion group. Cybersecurity firms ReliaQuest and Huntress have both published reports confirming the security incident, with Huntress stating that their Salesforce data was stolen in the attack. Salesforce has since disabled the Klue Battlecards integration on its platform while the breach is investigated. "To protect our customers, Salesforce has disabled the connection between the Klue Battlecards app, installed by individual customers, and Salesforce as part of our response to a recent security incident," Salesforce warned yesterday. "As a result, organizations will not be able to connect to Salesforce via this app until further notice." If you have any information regarding this incident or other undisclosed attacks, you can contact Bulletproof Servers confidentially via Signal at 646-961-3731 or at [email protected]. ReliaQuest stated that attackers gained access to Klue Battlecards integration service accounts and used OAuth tokens associated with customer Salesforce instances to carry out data theft. The researchers observed the threat actors generating OAuth tokens and then using automated Python scripts to query Salesforce's REST API for nearly 24 hours. The activity began with reconnaissance of an organization's Salesforce instances through the '/services/data/v59.0/sobjects' endpoint before exfiltrating data using the '/services/data/v59.0/query'. ReliaQuest said that for one of the organizations, the attackers slowly mapped out their Salesforce objects to identify valuable objects and then rapidly stole data once they knew what they wanted. "The attacker then hit the same endpoint, sending almost a thousand queries in a 15-minute window in at least one environment," explained ReliaQuest. "Where the first stage was a slow, steady pull designed to blend in, this burst traded stealth for speed, suggesting either time pressure or a shift to targeted records. In another case, the exfiltration was observed over 6 hours." The researchers said the activity closely resembled previous Salesforce third-party integration data theft attacks by the ShinyHunters extortion group, but were unable to attribute the attacks to the threat actor. However, BleepingComputer learned yesterday that ShinyHunters was not behind this attack, but rather a relatively new threat actor known as "Icarus" who had already begun emailing extortion demands to Klue customers impacted by the breach. A ransom note shared with BleepingComputer showed that the emails were sent using the alias "mr bean" and included a Session Messenger ID to contact them. The threat actors' data leak site also contains a message hinting at the extortion campaign in a simple post titled "Get Ready," stating, "big corps getting listed. be ready." Icarus is believed to have launched in April 2026, and initially listed two victims on its leak site, with BleepingComputer learning that at least one of these victims is connected to the Klue campaign. That company has now been removed from the data leak site, which may indicate that negotiations are underway. Today, Huntress disclosed that it was among the organizations impacted by the Klue breach, confirming that they had received a similar extortion email as seen by BleepingComputer. However, the Session ID used in later emails was different and was instead the one listed on the Icarus data leak site, providing additional evident that they were behind the attack. "In the initial email, the adversary suggests, 'we advice you to write to us on Session' (sic)," reported Huntress. "The Session Messenger ID that they provided matched the same values included on the dark web leak site of a new extortion group dubbed 'Icarus.'" According to Huntress, Klue told customers that attackers first compromised the company's backend systems and then pushed a malicious code update that stole OAuth tokens customers use to integrate the Battlecards product with third-party platforms. The attackers reportedly used a dormant but still active credential created by Klue for a prototype integration. After gaining access to Klue's environment, they stole customer OAuth tokens and used them to query connected Salesforce environments directly. Klue later disabled integrations with Salesforce, HubSpot, SharePoint, Zoom, Gong, Chorus, Clari, Google Drive, and Slack while responding to the incident. Huntress said the stolen data includes CRM-related information, including business contacts, sales communications, price quotes, competitive intelligence reports, and account data. The cybersecurity company said there was no evidence that threat intelligence, customer telemetry, passwords, payment card information, or engineering systems were compromised. Both ReliaQuest and Huntress shared IP addresses linked to the attacks, which are listed below: Organizations using Klue integrations are advised to review Salesforce and related SaaS logs for activity originating from these addresses, revoke and rotate OAuth tokens, terminate active sessions, and review Salesforce logs for unusual API activity.
Vancouver-based Klue has acquired San Francisco's Ignition to enhance its AI capabilities, following a shift to an "AI-first" strategy. Ignition's AI platform aids in product marketing, but its employees will not join Klue. The acquisition will integrate Ignition's technology into Klue's products. Ignition's co-founders will collaborate with Klue on AI projects while continuing to develop DoubleO AI independently. This follows Klue's 40% staff layoff in June to focus on AI.
Vancouver-based Klue is bolstering its AI capabilities through the acquisition of San Francisco-based go-to-market platform Ignition, just a few months after going "AI-first."