The email marketing company, Klaviyo, suffered a phishing attack mostly targeting its crypto firm customers.
The attacker(s) managed to get hold of login credentials from one of Klaviyo’s employees, and then used its customer support tools to obtain data. Overall, they gained access to confidential information about 44 crypto companies, including the wallet Edge, intelligence firm Messari, Bitcoin savings firm Swan Bitcoin, and the website Decrypt.
The stolen information includes the names, phone numbers, and email addresses of the targeted companies’ customers. Even though Klaviyo immediately reacted and eliminated the threat, info on 38 crypto accounts had already been partially or fully downloaded.