2 min read

Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo

Alina BÎZGĂ

August 09, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo

Ecommerce marketing automation platform Klaviyo has suffered a data breach that allowed attackers to access its internal systems and steal customer data.

The marketing firm says the breach occurred on Aug. 3 after the attackers managed to steal login credentials of a company employee.

“We identified an employee’s login credentials had been compromised, as a result of suspicious activity from our internal logging and a user report,” the notification reads. “This allowed a threat actor to gain access to the employee’s Klaviyo account and, as a result, some of our internal support tools.”

The attacker was apparently interested in information related to cryptocurrency customer accounts. After accessing Klaviyo’s internal systems, the hacker used support tools to search for crypto-related accounts and download internal lists with customer names, addresses, email addresses and phone numbers.

“The threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts,” the company explained. “For 38 of these accounts, the threat actor downloaded list or segment information. The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments.”

The hacker also accessed and exfiltrated two internal lists used for product and marketing updates, which included the same assortment of contact information of customers.

“The download did not include any passwords, password hashes, or credit card numbers,” Klaviyo added. “The download also did not include any account data for subscribers who have a Klaviyo account.”

In response to the data breach, the company says it revoked access to the compromised employee account and notified law enforcement.

The investigation into the security incidents is ongoing and Klaviyo urges both customers and employees to remain vigilant against phishing and smishing attacks.

Klaviyo reminds all users and customers that:

· Employees never initiate password resets on your behalf and should never access unsolicited reset links

· The company won’t send text messages that request you verify or confirm your login details

· Employees will not call customers and ask for their password

· They should enable two-factor authentication on their accounts

Want to find out if your information was exposed in a data breach or leak? Bitdefender’s Digital Identity Protection, our privacy-focused service, automatically searches for leaked personal data online (including on the dark web), sending you real-time alerts when any of your private information has been exposed.

If you’re worried about fraudsters abusing your identity and financial information, check out our new Bitdefender Identity Theft Protection plans (available for the US only) that offer real-time data breach monitoring and fraud monitoring, among many other perks, to protect against identity theft.

Read more about our identity protection and privacy solutions here.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Think Before You Click: Use This Cybersecurity Awareness Month to Strengthen Your Digital Weak Spots Think Before You Click: Use This Cybersecurity Awareness Month to Strengthen Your Digital Weak Spots
Alina BÎZGĂ

October 04, 2022

2 min read
Making educators’ digital privacy and safety easier on World Teachers’ Day Making educators’ digital privacy and safety easier on World Teachers’ Day
Alina BÎZGĂ

October 03, 2022

2 min read
Identity theft victims report long-lasting physical and emotional problems, ITRC says Identity theft victims report long-lasting physical and emotional problems, ITRC says
Alina BÎZGĂ

September 29, 2022

2 min read