TL;DRKlue says Icarus is deleting stolen data and its site is down, but a second hacker group claims it stole the data from Icarus and is extorting victims.

Klue, the market intelligence firm whose breach earlier this month exposed customer data at LastPass, HackerOne, and nearly a dozen other companies, says the hacking group responsible is now cooperating and deleting the stolen data. But a second, unnamed group of hackers has emerged claiming to possess the same data and is attempting to extort affected companies directly, according to a private customer update obtained by TechCrunch.

In a Thursday night communication to customers, Klue said it is in contact with the hacking group Icarus, which breached its systems on June 12 and stole customer data by exploiting a compromised credential from 2022. “Icarus told us they are taking steps to delete the data taken from Klue customers,” the company wrote, adding that the Icarus website remains down and that there are indications the deletion is underway.

The apparent resolution comes with a significant complication. According to Klue, Icarus informed the company that a second group of hackers obtained the stolen data, reportedly by exploiting a mistake made by the Icarus operator. This second group has posted a list of allegedly affected companies on its own website and is demanding payment from victims.