Email marketing firm hacked to steal crypto-focused mailing lists
August 8, 2022
What you need to know:
Email marketing firm Klaviyo suffered a data breach on August 3rd.
Hackers gained access to internal systems after stealing an employee’s credentials via a phishing attack.
Hacker downloaded marketing lists used by cryptocurrency-related accounts, and for Klaviyo product and marketing updates.
Stolen data includes customers’ names, addresses, emails, and phone numbers.
Threat actors are already trying to gain access to the stolen data.
Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers.
Klaviyo says the breach occurred on August 3rd after hackers stole an employee’s login credentials in a phishing attack. These login credentials were then used to access the employee’s account and internal Klaviyo support tools.
Using the internal tools, the threat actors downloaded marketing lists for thirty-eight customers who are in the cryptocurrency industry.
“The threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information,” explained a security notification from Klavyio.
“The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments.”
The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.
Klaviyo says they have notified law enforcement and engaged with a third-party cybersecurity firm to investigate a breach of their network.
Data likely to be used in phishing attacks
Klaviyo warns subscribers to be on the lookout for future targeted phishing or smishing attacks using the stolen data.
“We are concerned about potential phishing or smishing efforts by the threat actor and want our customers, contacts, and employees to be skeptical of any password reset requests, requests for payment info, or emails from unusual domains,” warned Klaviyo on a blog post about the data breach.
“We have also seen new websites copying the Klaviyo layout trying to obtain Klaviyo logins. There may be a spike in phishing campaigns and look alike websites in the coming weeks.”
BleepingComputer is already aware of threat actors actively seeking the stolen Klaviyo data, likely to use it in their own attacks.
As the breach only happened last week, for the immediate future, this data will likely be used privately by the hackers or traded/sold with other threat actors.
However, it would not be surprising to find this data eventually leaked for free on hacking forums.
Klaviyo customers affected by this breach should expect similar attacks to happen in the future.
Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence’s area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.