- Email marketing company Klaviyo experienced a data breach that resulted in hackers accessing internal support tools.
- Hackers accessed Klaviyo’s internal systems after stealing an employee’s credentials via a phishing attack.
- Hacker downloaded marketing lists used by cryptocurrency-related accounts including customer names, addresses, email addresses, and phone numbers.
Klaviyo, a marketing automation company unveiled that they experienced a data breach in their system on August 3. The hackers stole the information of their customers mainly related to the cryptocurrency industry.
Might be a result of a successful phishing activity
Klaviyo detailed the breach and stated that it was possibly caused by hackers stealing an employee’s login credentials in phishing activity. The hackers used these login credentials to access related employee accounts first and then made their way into Klaviyo support tools. During its activity, the threat actors downloaded a marketing list of thirty-eight customers who operated in the cryptocurrency industry.
The hackers obtained two internal lists used by Klaviyo for product and marketing updates, including names, addresses, email addresses, and phone numbers. Klaviyo states that law enforcement was already notified about the incident. To investigate the breach, the company worked with a third-party cybersecurity firm. Klaviyo urged its customers to be on alert in case the hackers utilize the stolen data for future phishing attempts.
Klaviyo is a marketing automation and email platform which allow users to access, store, analyze, and use transactional and behavioral data to power highly-targeted email and advertising campaigns.