Optimizely Breach Exposes Customer Contact Data in Sophisticated Vishing Attack
On February 11, digital experience platform Optimizely fell victim to a cyberattack after hackers bypassed security controls using a voice-phishing (vishing) attack. The breach compromised "basic" customer contact information, including names, email addresses, and potentially phone numbers, though the company confirmed no sensitive data was accessed.
The attackers gained entry to internal business systems, CRM records, and limited back-office documents but failed to escalate privileges or deploy malware. Optimizely stated operations remained unaffected, with no evidence of deeper system compromise.
While the company did not attribute the attack to a specific group, the tactics align with ShinyHunters, a threat actor known for recent vishing campaigns. The group typically impersonates IT or support staff to trick employees into resetting credentials, often targeting Okta, Microsoft, Google, and Salesforce accounts. ShinyHunters has not claimed responsibility for this incident.
Optimizely serves over 10,000 businesses, including major brands like H&M, PayPal, Toyota, Nike, and Salesforce. The breach follows a pattern of similar attacks, underscoring the growing threat of social engineering in cyber intrusions.
Optimizely TPRM report: https://www.rankiteo.com/company/optimizely
Salesforce TPRM report: https://www.rankiteo.com/company/salesforce
Toyota TPRM report: https://www.rankiteo.com/company/toyota
"id": "toyoptsal1771958301",
"linkid": "toyota, optimizely, salesforce",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Customers of Optimizely (names, '
'email addresses, phone numbers '
'exposed)',
'industry': 'Technology',
'name': 'Optimizely',
'size': '10,000+ business customers',
'type': 'Digital Experience Platform'}],
'attack_vector': 'Vishing (Voice Phishing)',
'data_breach': {'personally_identifiable_information': ['Names',
'Email addresses',
'Phone numbers'],
'sensitivity_of_data': 'Low (no sensitive data accessed)',
'type_of_data_compromised': 'Customer contact information'},
'date_detected': '2024-02-11',
'description': 'On February 11, digital experience platform Optimizely fell '
'victim to a cyberattack after hackers bypassed security '
'controls using a voice-phishing (vishing) attack. The breach '
'compromised basic customer contact information, including '
'names, email addresses, and potentially phone numbers, though '
'the company confirmed no sensitive data was accessed. The '
'attackers gained entry to internal business systems, CRM '
'records, and limited back-office documents but failed to '
'escalate privileges or deploy malware. Optimizely stated '
'operations remained unaffected, with no evidence of deeper '
'system compromise.',
'impact': {'data_compromised': 'Basic customer contact information (names, '
'email addresses, phone numbers)',
'operational_impact': 'None (operations remained unaffected)',
'systems_affected': ['Internal business systems',
'CRM records',
'Back-office documents']},
'initial_access_broker': {'entry_point': 'Vishing attack (credential reset '
'via impersonation)',
'high_value_targets': ['Okta',
'Microsoft',
'Google',
'Salesforce accounts']},
'post_incident_analysis': {'root_causes': 'Social engineering (vishing) '
'leading to unauthorized access'},
'threat_actor': 'ShinyHunters (suspected)',
'title': 'Optimizely Breach Exposes Customer Contact Data in Sophisticated '
'Vishing Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'Social Engineering'}