New York‑based ad tech firm Optimizely notified an undisclosed number of customers that threat actors accessed some internal systems in a voice‑phishing attack and stole basic business contact information. The company says attackers could not escalate privileges or access sensitive customer data, and the incident is suspected to be linked to the ShinyHunters extortion group; customers are warned to watch for follow‑up phishing using the stolen contacts. #Optimizely #ShinyHunters
Keypoints
- Threat actors used a sophisticated voice‑phishing (vishing) attack to gain access to Optimizely’s internal systems.
- Optimizely reports the attackers stole basic business contact information but could not escalate privileges or install backdoors.
- The incident was confined to certain CRM records and limited back‑office documents, with business operations continuing.
- The activity matches tactics associated with the ShinyHunters extortion group and recent SSO vishing campaigns.
- Customers are advised to be vigilant for follow‑up phishing calls, texts, or emails requesting credentials or MFA codes.