Ad tech firm Optimizely, which counts PayPal, Salesforce, Vodafone, and Zoom among its clients, has been impacted by a data breach stemming from a voice phishing attack against certain systems, according to BleepingComputer.While basic business contact details were claimed to have been stolen by attackers, such an incident has not resulted in privilege escalation, illicit software deployments, or backdoor injections in the Optimizely environment, said the firm in breach notification letters. Additional details, including the number of customers affected by the intrusion or the identity of the threat actor, were not provided.However, Optimizely's disclosure of having received communication from a malicious actor with behavior similar to a "loosely affiliated group" weaponizing advanced social engineering techniques has raised suspicion that the attack may have been carried out by attackers included in the ShinyHunters hacking operation.ShinyHunters was recently reported to have leveraged device code vishing and legitimate OAuth 2.0 device authorization grant flow to compromise Microsoft Entra authentication tokens and subsequently breach connected enterprise services.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds




