Phishing, Breach, Supply chain

Vishing-related breach reported by Optimizely

Ad tech firm Optimizely, which counts PayPal, Salesforce, Vodafone, and Zoom among its clients, has been impacted by a data breach stemming from a voice phishing attack against certain systems, according to BleepingComputer.

While basic business contact details were claimed to have been stolen by attackers, such an incident has not resulted in privilege escalation, illicit software deployments, or backdoor injections in the Optimizely environment, said the firm in breach notification letters. Additional details, including the number of customers affected by the intrusion or the identity of the threat actor, were not provided.

However, Optimizely's disclosure of having received communication from a malicious actor with behavior similar to a "loosely affiliated group" weaponizing advanced social engineering techniques has raised suspicion that the attack may have been carried out by attackers included in the ShinyHunters hacking operation.

ShinyHunters was recently reported to have leveraged device code vishing and legitimate OAuth 2.0 device authorization grant flow to compromise Microsoft Entra authentication tokens and subsequently breach connected enterprise services.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack Vector

You can skip this ad in 5 seconds