Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers.
Klaviyo says the breach occurred on August 3rd after hackers stole an employee’s login credentials in a phishing attack. These login credentials were then used to access the employee’s account and internal Klaviyo support tools.
Using the internal tools, the threat actors downloaded marketing lists for thirty-eight customers who are in the cryptocurrency industry.
The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.
Klaviyo says they have notified law enforcement and engaged with a third-party cybersecurity firm to investigate a breach of their network.
