Email marketing firm hacked to steal crypto-focused mailing lists
Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers. Klaviyo says the breach occurred on August 3rd after hackers stole an employee’s login credentials in a phishing attack. These login credentials were then used to access the employee’s account and internal Klaviyo support tools. Using the internal tools, the threat actors downloaded marketing lists for thirty-eight customers who are in the cryptocurrency industry. “The threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information,” explained a security notification from Klavyio. “The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments.” The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.