Optimizely Reports Vishing-Related Data Breach: Protecting Customer Data in a Phishing Era


Optimizely Discloses Data Breach Resulting from Sophisticated Voice Phishing Attack

A prominent advertising technology company, Optimizely, has disclosed a data breach resulting from a sophisticated voice phishing attack. The incident, which was reported to have occurred recently, involved an attacker successfully obtaining basic business contact information from certain systems within the company.

Breach Details

According to breach notification letters sent by Optimizely, the attackers did not manage to escalate privileges, deploy malicious software, or inject backdoors into the company’s environment. However, the breach has raised concerns about the potential involvement of a “loosely affiliated group” of hackers, possibly linked to the ShinyHunters operation.

ShinyHunters has been known to employ advanced social engineering tactics, including device code vishing and abuse of the OAuth 2.0 device authorization grant flow, to compromise enterprise services. In a recent incident, the group was reported to have compromised Microsoft Entra authentication tokens using these techniques.

Client Impact

Optimizely’s clients include high-profile companies such as PayPal, Salesforce, Vodafone, and Zoom. While the company has not disclosed the number of customers affected by the breach or the identity of the threat actor, the incident highlights the growing threat of voice phishing attacks on businesses.

Voice Phishing Threat

Voice phishing, also known as vishing, involves attackers using social engineering tactics to trick victims into divulging sensitive information over the phone. In this case, the attackers targeted Optimizely’s systems, resulting in the theft of basic business contact information.

Security Measures

The breach serves as a reminder for companies to remain vigilant and implement robust security measures to prevent similar incidents. This includes educating employees on the risks of voice phishing and implementing multi-factor authentication to prevent unauthorized access to systems.

Evolving Cyber Threats

The incident is also a testament to the evolving nature of cyber threats, with attackers continually adapting and refining their tactics to exploit vulnerabilities in even the most secure systems. As such, companies must remain proactive in their cybersecurity efforts, staying informed about the latest threats and implementing effective countermeasures to protect their assets.


