
Optimizely Data Breach Confirmed After Vishing Attack

Summary

– Optimizely, a major ad tech company, suffered a data breach after attackers compromised its systems via a sophisticated voice phishing (vishing) attack.
– The attackers stole basic business contact information but were unable to access sensitive customer data, escalate privileges, or disrupt business operations.
– The company warned affected customers to be vigilant for follow-up phishing attempts using the stolen data to solicit passwords or credentials.
– Evidence suggests the attackers are likely part of the ShinyHunters group, known for similar vishing campaigns against high-profile organizations.
– These attacks often involve impersonating IT support to trick employees into providing login credentials and MFA codes, granting access to enterprise services.

A major advertising technology firm has confirmed a security incident stemming from a voice phishing scheme, alerting customers that attackers infiltrated internal systems. Optimizely, a prominent player with a client roster featuring giants like PayPal, Zoom, Toyota, and Nike, disclosed that the breach occurred after threat actors contacted the company on February 11th, asserting they had already gained system access. The company’s investigation determined that the intruders obtained what is described as “basic business contact information” from its customer relationship management (CRM) platform and other internal documents. Crucially, Optimizely stated the attackers were contained, unable to escalate their access, install malicious software, or reach sensitive customer data.

The company attributed the initial compromise to a “sophisticated voice-phishing attack,” a method where fraudsters use phone calls to manipulate employees into divulging credentials. In notifications to affected parties, Optimizely emphasized that its core business operations were not disrupted and the incident was confined to specific back-office systems. However, it issued a warning for customers to remain vigilant against potential follow-up phishing attempts. These could involve calls, texts, or emails leveraging the stolen contact details to solicit passwords, multi-factor authentication (MFA) codes, or other login credentials.

While Optimizely has not publicly identified the responsible group or the exact number of impacted customers, its description points toward a known threat actor. The company noted the tactics align with “a loosely affiliated group” known for aggressive social engineering, often involving voice phishing. This strongly suggests involvement by the ShinyHunters extortion operation, which has recently claimed credit for breaches at numerous high-profile companies including Canada Goose, Panera Bread, and the online dating conglomerate Match Group.

This incident appears connected to a broader wave of attacks targeting corporate single sign-on (SSO) accounts. In these campaigns, threat actors impersonate IT support staff, calling employees and tricking them into entering their login details and MFA codes on fraudulent websites that mimic legitimate company portals. More recently, these attackers have adapted their methods, employing a technique known as “device code vishing” to abuse a legitimate authentication flow and steal Microsoft Entra tokens. Once they hijack an SSO account, they can pivot to access a wide array of connected enterprise services like Microsoft 365, Google Workspace, Salesforce, and Slack, putting vast amounts of corporate data at risk.
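As an added example (not from the original article or from Optimizely), the sketch below shows how a defender could surface successful device-code sign-ins for review in exported sign-in logs. The records are constructed, the field names are assumed to follow the Microsoft Graph signIn resource, and the allowlist and helper names are hypothetical.

```python
from collections import defaultdict

# Hypothetical allowlist: accounts with a real need for device code flow.
APPROVED_DEVICE_CODE_USERS = {"kiosk-svc@example.com"}

def make_signin(ts, user, proto, ip, code=0):
    # Field names assumed to match the Microsoft Graph signIn resource.
    return {"createdDateTime": ts, "userPrincipalName": user,
            "authenticationProtocol": proto, "ipAddress": ip,
            "status": {"errorCode": code}}

# Constructed sample data (documentation IP ranges, made-up users).
SAMPLE_SIGNINS = [
    make_signin("2025-01-06T08:00:00Z", "kiosk-svc@example.com", "oAuth2", "198.51.100.10"),
    make_signin("2025-01-06T08:05:00Z", "kiosk-svc@example.com", "deviceCode", "198.51.100.10"),
    make_signin("2025-01-06T09:00:00Z", "alice@example.com", "oAuth2", "203.0.113.5"),
    make_signin("2025-01-06T09:30:00Z", "alice@example.com", "deviceCode", "192.0.2.77"),
    make_signin("2025-01-06T09:31:00Z", "bob@example.com", "deviceCode", "192.0.2.77", code=1),
]

def flag_device_code_signins(signins, approved=APPROVED_DEVICE_CODE_USERS):
    """Return (record, reasons) for successful device-code sign-ins to review."""
    seen_ips = defaultdict(set)   # per-user IPs from sign-ins that were not flagged
    findings = []
    for rec in sorted(signins, key=lambda r: r["createdDateTime"]):
        if rec["status"]["errorCode"] != 0:
            continue              # non-zero error code: sign-in did not succeed
        user = rec["userPrincipalName"].lower()
        ip = rec["ipAddress"]
        reasons = []
        if rec["authenticationProtocol"] == "deviceCode":
            if user not in approved:
                reasons.append("user not approved for device code flow")
            if ip not in seen_ips[user]:
                reasons.append("IP not previously seen for user")
        if reasons:
            findings.append((rec, reasons))
        else:
            seen_ips[user].add(ip)  # only clean sign-ins extend the baseline
    return findings

if __name__ == "__main__":
    for rec, reasons in flag_device_code_signins(SAMPLE_SIGNINS):
        print(rec["createdDateTime"], rec["userPrincipalName"], rec["ipAddress"], reasons)
```

Where device code flow is not needed at all, blocking it with a Conditional Access authentication-flows policy removes this path rather than only detecting it.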

(Source: Bleeping Computer)
