On August 3rd, the email marketing company Klaviyo suffered a data breach. Threat actors gained access to internal systems and downloaded marketing lists for clients who deal with cryptocurrencies. According to Klaviyo, hackers used a phishing attack to steal an employee’s login information. They used the compromised credentials to access the employee’s account and internal Klaviyo support resources. The threat actors then downloaded marketing lists for thirty-eight clients who work in the cryptocurrency sector using internal technologies. “The threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information. The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments,” stated Klavyio.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in