reports that email marketing company Klaviyo has been impacted by a data breach
last Wednesday that has compromised its internal systems, as well as cryptocurrency customers' marketing lists following a phishing attack that allowed attackers to gain employee credentials.
Using the employee's login credentials, attackers were able to access Klaviyo's internal support tools, which were then leveraged to facilitate the downloads of 38 cryptocurrency customers' marketing lists, Klaviyo said.
"The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments," added Klaviyo, which also noted that two internal lists for product and marketing updates have also been downloaded by the threat actors.
Subscribers have been urged by Klaviyo to be more wary of potential phishing or smishing attacks with the compromised data.
"We have also seen new websites copying the Klaviyo layout trying to obtain Klaviyo logins. There may be a spike in phishing campaigns and look alike websites in the coming weeks," Klaviyo noted.