cyber Breach

Klaviyo

Nov 13, 2022 1 min read
Klaviyo

Email marketing firm Klaviyo suffered a data breach in August 2022 after hackers gained access to internal systems after stealing an employee's credentials via a phishing attack.

The threat actors downloaded marketing lists for cryptocurrency-related customers including names, addresses, emails, and phone numbers.

They also used internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts.

Klaviyo immediately notified law enforcement and engaged with a third-party cybersecurity firm to investigate a breach of their network.

Source: https://www.bleepingcomputer.com/news/security/email-marketing-firm-hacked-to-steal-crypto-focused-mailing-lists/

TPRM report: https://scoringcyber.rankiteo.com/company/klaviyo

"id": "kla2019281022",
"linkid": "klaviyo",
"type": "Breach",
"date": "08/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Klaviyo',
                        'type': 'Email Marketing Firm'}],
 'attack_vector': 'Phishing',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': ['Personal Information'],
                 'type_of_data_compromised': ['Names',
                                              'Addresses',
                                              'Emails',
                                              'Phone Numbers']},
 'date_detected': '2022-08',
 'description': 'Email marketing firm Klaviyo suffered a data breach in August '
                '2022 after hackers gained access to internal systems after '
                "stealing an employee's credentials via a phishing attack. The "
                'threat actors downloaded marketing lists for '
                'cryptocurrency-related customers including names, addresses, '
                'emails, and phone numbers. They also used internal customer '
                'support tools to search for primarily crypto-related accounts '
                'and viewed list and segment information for 44 Klaviyo '
                'accounts.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Emails',
                                 'Phone Numbers'],
            'systems_affected': ['Internal Systems', 'Customer Support Tools']},
 'initial_access_broker': {'entry_point': 'Phishing Attack'},
 'investigation_status': 'Investigation Ongoing',
 'post_incident_analysis': {'root_causes': 'Stolen Employee Credentials'},
 'references': [{'date_accessed': '2022-08',
                 'source': 'Cyber Incident Description'}],
 'response': {'law_enforcement_notified': True,
              'third_party_assistance': ['Third-party Cybersecurity Firm']},
 'title': 'Klaviyo Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Stolen Employee Credentials'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.