- Optimizely was breached via a sophisticated voice-phishing attack on February 11th
- Hackers gained access to CRM records and internal documents and leaked “basic” customer contact information
- No sensitive data confirmed stolen; the incident is similar to ShinyHunters' recent vishing campaigns
Optimizely has confirmed that it has suffered a cyber-attack in which it lost “basic” contact details of some of its customers.
Optimizely is a digital experience platform that helps businesses manage their websites and marketing campaigns to improve conversions and customer engagement. It is known for A/B testing and experimentation, enterprise CMS systems, and various digital e-commerce tools, and serves more than 10,000 companies, including H&M, PayPal, Toyota, Nike, and Salesforce.
The company recently issued breach notification letters to some of its affected customers, saying the breach occurred on February 11 and that the attackers gained access “through a sophisticated voice-phishing attack” but were unable to escalate privileges or deploy malware.
“Basic” data
“We have no evidence that the threat actor was able to access sensitive customer data or personal information beyond basic business contact information,” the company said.
We don’t know what Optimizely considers “basic,” but we can assume it includes full names, email addresses, and possibly phone numbers.
In their intrusion, the attackers gained access to “certain internal business systems, records in our CRM and a limited set of internal documents used for back office operations,” the company stressed, adding that it continued business as usual.
It did not name the perpetrators, but said their communications were “consistent with the behavior of a loosely affiliated group that uses sophisticated and aggressive social engineering tactics, most commonly involving voice phishing, to attempt to gain access to their victims’ systems.”
This sounds a lot like ShinyHunters, a group that has breached several businesses in recent weeks using the same technique.
The hackers would call company representatives, impersonate IT or technical support staff, and get them to reset their login credentials. They would target single sign-on accounts with Okta, Microsoft, Google and others and would mostly go after Salesforce data.
ShinyHunters has not yet claimed responsibility for this attack.
Via Bleeping Computer



