Internet-marketing giant clients’ data leak

On August 3rd, Klaviyo experienced a data leak. An intruder stole an employee's credentials in a phishing attack. According to the official statement, the intruder searched for crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information. The retrieved data contained names, emails, phone numbers and some other account-specific data. All the affected users were notified about the incident.

The malicious actor also downloaded two internal lists used for product and marketing updates. These files contained names, addresses, emails and phone numbers.

Klaviyo representatives notified law enforcement authorities and engaged a third-party information security company to conduct an investigation. Klaviyo also informed clients about the incident, proposed security measures and warned affected users to be ready for likely follow-up targeted phishing attacks.

The company has already detected some new websites that copy the layout of the Klaviyo website and try to obtain customer credentials.

Phishing remains one of the most common attack vectors. What's more, according to Tessian and the Ponemon Institute, nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email. This time, email was the channel through which the credentials were handed over, and the obtained data enabled the intruder to carry out the attack successfully. It is crucially important to continuously raise staff awareness of information security issues. Keeping employees up to date about emerging threats, organizing training and running simulated phishing attacks can help a lot. You may refer to the article in our blog to obtain more information and get some advice on how to strengthen your organization's corporate security.
