Posted on August 10, 2022 at 6:37 AM
Klaviyo recently disclosed that it suffered a data breach. The email marketing firm stated that hackers were able to access its internal systems and download marketing lists for cryptocurrency-related customers. According to the report, the breach occurred on August 3 in a phishing attack that exposed an employee's login details to the platform.
After the threat actor accessed the login credentials, they used the details to gain access to the platform’s support tools. The threat actors, after gaining control of the internal tools, used them to download marketing lists for 38 customers who are in the crypto industry.
Klaviyo's security notification noted that the hackers searched for accounts with cryptocurrency details using the internal customer support tools. They viewed information from 44 Klaviyo accounts, but they downloaded specific cryptocurrency-related information from 38 of the accounts.
The Exposed Data Contain Personal Details
The Klaviyo security report also noted that the downloaded details contain the names, phone numbers, and email addresses of the affected customers. It also contains custom profiles of the customers in the affected segment.
Also among the stolen data are two internal lists utilized by Klaviyo for product and marketing updates. This also contains the names, phone numbers, email addresses, and residential addresses of the customers.
Klaviyo stated that it has engaged the services of a third-party security firm to investigate the situation. It also noted that law enforcement has been contacted and informed about the attack.
Stolen Data Could Be Used For Phishing Attacks
Like other types of attacks, data stolen in this attack could be used for further attacks. As a result, Klaviyo has warned its customers to be wary of any further targeted smishing or phishing attacks using the stolen data. The firm advised customers to be skeptical of any mail they receive that requests them to carry out certain actions. Customers should look carefully at emails requesting payment information or passwords. In some cases, the email may come from unusual domains with bogus claims. The new strategy of the threat actors is to copy the structure of the domain or website they hacked and pose as the genuine website to the customers.
"We have also seen new websites copying the Klaviyo layout trying to obtain Klaviyo logins," the firm stated. Also, BleepingComputer noted that it is already aware of bad actors seeking stolen Klaviyo data to launch their attacks.
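The warning above, that attackers register domains that copy the structure of the real one, is something a defender can check mechanically. The following is an added example, not code from Klaviyo or from the article: a small triage routine that takes a sender address or URL from a suspicious message and classifies its host as legitimate (on an allowlist), a lookalike (brand name embedded in another domain, one or two characters changed, or digits substituted for letters), or unrelated. The allowlist containing only `klaviyo.com`, the small homoglyph map, and the sample inputs are all constructed assumptions for the demonstration; a production check would use a public-suffix list rather than the naive "last two labels" rule used here.

```python
from urllib.parse import urlparse

# Assumed allowlist of domains the organisation actually sends from (constructed).
LEGIT_DOMAINS = {"klaviyo.com"}

# Small illustrative map of characters attackers swap for look-alike letters (assumption).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "7": "t", "$": "s", "@": "a", "|": "l"})

# Edit distance at or below this on the brand label counts as a lookalike (assumption).
MAX_EDIT_DISTANCE = 2


def host_of(sender_or_url: str) -> str:
    """Extract the host from 'user@host', a URL, or a bare hostname."""
    s = sender_or_url.strip()
    if not s:
        return ""
    if "://" in s:
        return (urlparse(s).hostname or "").lower()
    if "@" in s:
        return s.rsplit("@", 1)[1].lower()
    return s.lower().rstrip(".")


def normalize(host: str) -> str:
    """Undo digit-for-letter substitutions so 'k1aviyo' compares as 'klaviyo'."""
    return host.lower().rstrip(".").translate(HOMOGLYPHS)


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels (enough for .com in this demo)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance; used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_or_url: str) -> str:
    """Return 'legitimate', 'lookalike', 'unrelated' or 'invalid' for a sender or link."""
    host = host_of(sender_or_url)
    if not host:
        return "invalid"
    # Exact allowlisted domain or a real subdomain of it (mail.klaviyo.com).
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    norm = normalize(host)
    reg = registrable(norm)
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        # Typo-squat on the brand label: klavlyo.com, klavi-yo.com, kloviyo.com
        if levenshtein(reg.split(".")[0], brand) <= MAX_EDIT_DISTANCE:
            return "lookalike"
        # Brand embedded in a domain someone else controls:
        # klaviyo-login.com, klaviyo.com.example.net, k1aviyo-support.com
        if brand in norm:
            return "lookalike"
    return "unrelated"


def triage(items):
    """Classify a batch of sender addresses / links and group them by verdict."""
    verdicts = {}
    for item in items:
        verdicts.setdefault(classify(item), []).append(item)
    return verdicts


if __name__ == "__main__":
    # Constructed sample senders and links, not real indicators from the incident.
    samples = [
        "notice@klaviyo.com",
        "https://mail.klaviyo.com/account",
        "https://klavlyo.com/login",
        "support@k1aviyo-support.com",
        "https://klaviyo.com.example.net/reset",
        "news@example.org",
    ]
    for verdict, hits in triage(samples).items():
        print(f"{verdict:>11}: {hits}")
```

The order of checks matters: the allowlist test runs on the raw host before any normalisation, so a genuine subdomain is never mis-flagged, while the brand-substring test runs on the normalised host so that digit substitutions do not hide the brand name. Anything the allowlist does not contain but that carries the brand is reported as a lookalike, which is the conservative choice when the organisation is a known phishing lure.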
The Data Could Be Used For Future Phishing Attacks
The breach occurred recently, which means that the attackers could take some time to sort things out before launching phishing attacks. The stolen data will likely be sold to other threat actors or used by the hackers themselves to carry out further attacks.
Also, there is a chance that the stolen data could be leaked for free on dark net forums, a situation very common among hackers looking for an audience or fame. It is not clear whether the hackers will demand a ransom, and Klaviyo did not state whether it has been contacted about one.
There are fears of a future attack on the affected customers whose account details have been exposed. In 2020, holders of the Ledger hardware crypto wallet were targeted in a phishing attack after the platform suffered a data breach. Customers of Klaviyo have been warned to expect similar attacks in the future.
As a result, they have been asked to change their account details if they use the same details on other platforms. Threat actors could take advantage of how carelessly many users protect their accounts. Most users get exposed and eventually targeted when they reuse a single password on other platforms. While this may seem convenient for those who do not want to forget their passwords, it is a bad security practice. Once a user's password has been exposed in a hacking incident, their other accounts sharing the same password are no longer safe.
The Klaviyo attack comes three months after another email marketing firm, Mailchimp, was hacked; in that incident an internal tool was breached and used to gain access to customer accounts. Like the Klaviyo attack, that attack aimed at carrying out phishing attacks in the future. It was also carried out by a bad actor who ran a social engineering attack on Mailchimp employees, which resulted in the compromise of credentials.