Topic: [Warning]: Email marketing firm Klaviyo, hacked, crypto industry lists stolen (Read 246 times)

sr. member
Activity: 588
Merit: 338
When will these actors stop hacking from crypto industries

Really?! Probably never. As long as it's profitable, as long as companies don't protect themselves well enough, as long as people keep falling for phishing, I don't see why they would stop or how they could be stopped.
Learn to protect your back. Teach others too. Sooner or (more likely) later people will stop falling for this kind of scam and then it will no longer be profitable for them to do this.

These hackers are career criminals, they'll keep modernizing their crafts as technological innovations keep advancing, so it's left for individuals and corporate bodies to keep upgrading their security systems. It's very worrisome that every day we keep hearing about hacks, especially crypto related, this is not a good development, last year 2023, I read about many hacks on exchanges and wallets that I can't even keep count of. So whether it's crypto, email or anything that has to do with the internet, we must be very careful about exposing our private information and always be security conscious.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I’m not sure if this picked-up much wind here on the forum, but at around the same time Klaviyo suffered their hack, so did Twilio as you mentioned. In fact, Twilio’s hack led to the hackers getting hold of data for around 130 corporations back then.

I hadn’t heard anything else on the matter until today, when I read an article stating that crypto portfolio tracker CoinTracker had been indirectly breached, leading to 1.557.153 emails and partial phone numbers being leaked. The DB is circulating around hacker forums, and really originated in one of Cointracker’s service providers. The second referenced article below points to the service provider in question being Twilio, and more specifically one of their companies: SendGrid.

I’ve read on Reddit about recent scam/phishing attempts being sent to emails belonging to Cointracker customers, which has led to Cointracker confirming the breach.

From my perspective, it’s possible that Cointracker thought it was in the clear after Twilio’s breach last summer, and if they were forewarned by Twilio as a potential victim, they probably should have warned their customer base then, and not have waited for scam/phishing emails to start reaching their customer base in what could be an act of negligence.

See:
(GT) https://es-beincrypto-com.translate.goog/cointracker-sufre-brecha-datos-exponiendo-usuarios-ataques-phishing/?_x_tr_sl=es&_x_tr_tl=en&_x_tr_hl=es&_x_tr_pto=wapp
https://beincrypto.com/cointracker-crypto-portfolio-software-suffers-data-hack/
https://www.databreaches.net/important-cointracker-security-update/
hero member
Activity: 1414
Merit: 542
In connection with this hack, cyber threat investigators have discovered this phishing campaign and dubbed the personalities as the "Okta Hackers". And so this is the cycle:

1. Industry targeted: (image)

2. Geolocations of victims: (image)

3. Geolocations of users that had their credentials compromised: (image)

So obviously the hackers are financially motivated and for sure more attacks would come in the future.

The good thing is that the investigators were able to get the name and face (maybe it's fake) and the location. So hopefully they will get to him fast before he wreaks havoc again.

Source
member
Activity: 889
Merit: 60
So for those who may have received some emails, SMS, then be very careful as obviously, this is phishing.

Every smartphone has an option to block messages and calls from unknown numbers, and for those who value their security and privacy, they probably already use that option. As for e-mails, always carefully check the address of the sender and if you are not sure that the message is legitimate, contact the company in question and ask for confirmation.

Hacking will never stop, and our data will always be at risk, but the key is to prevent hackers from even getting the chance to deceive us with fake links, calls or messages.

Maybe for a phone that you use solely for crypto, but for your personal phone that wouldn't be such a good choice. Depending on where you live, I suppose. For example, I have been contacted by a hospital telling me my family member was brought in, and officials have cancelled appointments via txt messages or phone calls. Those always come from either blocked numbers or unknown numbers.
legendary
Activity: 3234
Merit: 5637
~snip~   

I therefore separate private from business, and on my private number I still have all the important people in the phone book and I can allow myself to have very strict options for blocking calls and messages. I think that these options are very useful because it is possible to block by the prefix of a network or country, and in my country people often complain about being called from countries where they have no relatives or friends.

Besides that, I'm happy because for several years I've had a "Do not call" registry where I can enter a number and save myself from anyone who sells something over the phone.
legendary
Activity: 2758
Merit: 1228
An email marketing firm, Klaviyo (https://www.klaviyo.com/), has recently been hacked by cyber criminals, who stole the mailing lists of 38 of their customers who are in the cryptocurrency industry. And they have taken names, email addresses, phone numbers, and some account specific custom profile properties for profiles.

Quote
the threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information. The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments. All of these accounts have been notified with the details of which profiles and profile fields were accessed or downloaded.

As far as I know, those 38 customers doesn't mean 38 individuals per se, it could be that one of these 38 could have thousands of crypto related mailing lists already, so this is big.

So for those who may have received some emails, SMS, then be very careful as obviously, this is phishing.

The security incident is on their website: https://www.klaviyo.com/blog/august-2022-security-incident, explaining how the hackers gained access to their system and tips on what to do.

If that is 38 big companies then too many people are at risk, so people who use crypto should be more vigilant on upcoming actions made by those hackers, since for sure they will use those data to exploit many people just to get money. And this incident proves that it's good to use dummy emails or even extra phone numbers to avoid any risk made by people who always want to do bad deeds just to earn money.
hero member
Activity: 510
Merit: 4005
{...} This is the contempt with which centralized platforms treat their customers. Leak your data, say they will make sure it never happens again, do nothing, leak your data again. Rinse and repeat.

Agree. Most (all?) companies have their own interests prioritized so far ahead of the interests of their customers that you shouldn't trust them with any data that you aren't willing to share with the whole world.

Attempts to keep your data safe are (at worst) just lip service and (at best) mostly about trying to minimize liability and reputational damage.
legendary
Activity: 2268
Merit: 18711
Here’s one of the companies who was affected by the data theft: Swan Crypto.
Thought I was in a historical thread for a second there. We discussed almost this exact thing a few months ago, when Swan leaked tons of data via Hubspot as you mentioned above, including USD deposits and investment ranges: https://bitcointalksearch.org/topic/m.59672479

Let's take a quick look back at what they said at the time: https://nitter.net/SwanBitcoin/status/1506355008127877123

They claimed to have performed a full audit of all third parties, removed all sensitive information from third party servers, and their new Chief Information Security Officer was supposed to lead a review of their data security set up and procedures. Guess they didn't actually do any of that, since this is essentially the exact same scenario again just a few months later.

This is the contempt with which centralized platforms treat their customers. Leak your data, say they will make sure it never happens again, do nothing, leak your data again. Rinse and repeat.
legendary
Activity: 2730
Merit: 7065
I have three call-blocking options in the application that came with the phone and is part of a package called Optimization. The first option is to block all incoming calls, the second option gives the possibility to block unknown numbers (all those not in your phonebook), and the third option gives the possibility to block calls with a hidden number.
That's true. Most phones have that, mine included. But from the three options you mentioned, I doubt many people would use the first two as you are basically removing the function of a phone. Blocking unknown numbers could work sometimes, but it's impossible to have everyone you know in your address book. You can miss important appointments or even get yourself or others in trouble doing that.

The 3rd option is the most logical one. But from personal experience, even that isn't always the best. Sometimes when I get a call from one of my colleagues, they come from hidden office numbers. I still need to get those.   
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Here’s one of the companies who was affected by the data theft: Swan Crypto. Swan Crypto has sent an email to the subscribers to its email list, informing on the events, and stating that the compromised information was first name, email, IP geolocation data in some cases, and how the person joined the email list. Nevertheless, an additional 0.3% of the dataset also contained historical USD deposit information as of before March 2022.

This adds more insights into this leak, and though it is seemingly limited to marketing contact related information, campaigns are not only run based on names and emails, but rather certain campaigns are what are called segmented. A segmented campaign uses a field or a set of fields to send specific messages/offers to certain customers, which could vary, for example, based on their aggregate USD deposits as could be the case. The company, Swan Bitcoin, therefore likely loaded a custom field for some campaign onto Klaviyo in order to perform this segmentation for a given campaign.

This implies that, aside from some standard fields that have already been mentioned, further information may have been leaked in some cases, as is the case here depicted.


Interesting too:
Quote
The data leak at Klaviyo also comes hot on the heels of reports that another popular email marketing platform Mailchimp has been suspending the accounts of crypto-related content creators and media outlets.

The affected businesses include the likes of self-custody crypto wallet Edge, crypto intelligence firm Messari, and Decrypt, as the developments once again highlighted the yet-to-be-resolved reliance of Web3 companies on legacy Web2 solutions.
See: https://decrypt.co/107236/swan-bitcoin-discloses-data-leak-due-phishing-attack-newsletter-provider

Trying to see if the second paragraph above is concerning MailChimp or Klaviyo, being the latter what I presume for now.

Edit: It's the former (so Edge, Messari and Decrypt are not amongst those impacted by the Klaviyo incident):
https://decrypt.co/107099/intuit-owned-mailchimp-is-banning-crypto-content-creators
member
Activity: 65
Merit: 12
When will these actors stop hacking from crypto industries, it means that all customers having account with Klaviyo firm should keep their account information and payment information private for security especially their password
It is good 👍, let's just pray we aren't one of the victims, hacks need to be happening for hack problems to get solved, if these bad actors aren't hacking how will we know that there is a vulnerability somewhere in the system?
legendary
Activity: 3234
Merit: 5637
As far as I know, you can only block it if you once got the call, so the best thing is not to answer those calls that you really don't know the number or the originator, same with emails or sms.

I have three call-blocking options in the application that came with the phone and is part of a package called Optimization. The first option is to block all incoming calls, the second option gives the possibility to block unknown numbers (all those not in your phonebook), and the third option gives the possibility to block calls with a hidden number. There is also an option to block messages from unknown numbers.

I'm talking here about the options that exist in the smartphone that I use, but I'm sure that there are numerous separate apps that provide such possibilities - and if people valued their privacy and security more, then they would be more interested in how to protect it.
hero member
Activity: 1414
Merit: 542
So for those who may have received some emails, SMS, then be very careful as obviously, this is phishing.

Every smartphone has an option to block messages and calls from unknown numbers, and for those who value their security and privacy, they probably already use that option. As for e-mails, always carefully check the address of the sender and if you are not sure that the message is legitimate, contact the company in question and ask for confirmation.

Hacking will never stop, and our data will always be at risk, but the key is to prevent hackers from even getting the chance to deceive us with fake links, calls or messages.

As far as I know, you can only block it if you once got the call, so the best thing is not to answer those calls that you really don't know the number or the originator, same with emails or sms.

The case sounds similar to the one we saw earlier this year, where around 30 Hubspot accounts (1 account = 1 corporate customer -> N end customers) were breached through the compromise of an employee’s account.

Here we are talking of a larger number of accounts (again: 1 account = 1 corporate customer -> N end customers) 44 viewed, with personal data downloads from 38 of them and a primary focus on crypto.

Now due to multiple factors, it will likely be uncommon to see a list of all the corporate customers affected (I don’t recall seeing but a few sparse corporate names in the said Hubspot incident). From an end-user’s perspective, one would need to know asap, and it’s normally going to be down to the affected corporations to determine how to communicate the events to them.

Thanks, I'm not familiar with it, but yes, seems to be the same case, a marketing company being targeted by the hackers to steal whatever data they can. And personal data in this decade, in the age of information, this is a jackpot for these criminals.

And the wave still continues, Hackers Behind Twilio Breach Also Targeted Cloudflare Employees.

Quote
Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio.

The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards and was ultimately unsuccessful.

The text messages pointed to a seemingly legitimate domain containing the keywords "Cloudflare" and "Okta" in an attempt to deceive the employees into handing over their credentials.
legendary
Activity: 3234
Merit: 5637
So for those who may have received some emails, SMS, then be very careful as obviously, this is phishing.

Every smartphone has an option to block messages and calls from unknown numbers, and for those who value their security and privacy, they probably already use that option. As for e-mails, always carefully check the address of the sender and if you are not sure that the message is legitimate, contact the company in question and ask for confirmation.

Hacking will never stop, and our data will always be at risk, but the key is to prevent hackers from even getting the chance to deceive us with fake links, calls or messages.
legendary
Activity: 2268
Merit: 18711
For sure they have implemented a lot of security measures to prevent this kind of happenings.
Says who? Have you personally audited their security systems? Has any third party audited their security systems?

The fact is that many many crypto based companies, from tiny marketing agencies through to the largest centralized exchanges, have absolutely awful security, which is borne out in frequent hacks of both coins and personal information. As soon as you hand any coin or any piece of information over to any third party, then that coin or piece of information is at risk of theft, regardless of how big or reputable you think that third party is.
hero member
Activity: 2660
Merit: 551
When will these actors stop hacking from crypto industries, it means that all customers having account with Klaviyo firm should keep their account information and payment information private for security especially their password

For sure they have implemented a lot of security measures to prevent this kind of happenings. However, it's the human nature that can be prevented and this is where the hackers' point of attack is, trying to lure one of their employees, and they are successful in doing that.

Might not be as big as the Ledger hacked database, and there is no ransom money. So for sure the hackers will use this data for themselves or leak it out on other blackhat forums or sell it to other hackers. And these hackers are intelligent enough to just target their clients with crypto related accounts.
legendary
Activity: 3668
Merit: 6382
When will these actors stop hacking from crypto industries

Really?! Probably never. As long as it's profitable, as long as companies don't protect themselves well enough, as long as people keep falling for phishing, I don't see why they would stop or how they could be stopped.
Learn to protect your back. Teach others too. Sooner or (more likely) later people will stop falling for this kind of scam and then it will no longer be profitable for them to do this.
hero member
Activity: 896
Merit: 586
When will these actors stop hacking from crypto industries, it means that all customers having account with Klaviyo firm should keep their account information and payment information private for security especially their password
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
The case sounds similar to the one we saw earlier this year, where around 30 Hubspot accounts (1 account = 1 corporate customer -> N end customers) were breached through the compromise of an employee’s account.

Here we are talking of a larger number of accounts (again: 1 account = 1 corporate customer -> N end customers) 44 viewed, with personal data downloads from 38 of them and a primary focus on crypto.

Now due to multiple factors, it will likely be uncommon to see a list of all the corporate customers affected (I don’t recall seeing but a few sparse corporate names in the said Hubspot incident). From an end-user’s perspective, one would need to know asap, and it’s normally going to be down to the affected corporations to determine how to communicate the events to them.
hero member
Activity: 1414
Merit: 542
An email marketing firm, Klaviyo (https://www.klaviyo.com/), has recently been hacked by cyber criminals, who stole the mailing lists of 38 of their customers who are in the cryptocurrency industry. And they have taken names, email addresses, phone numbers, and some account specific custom profile properties for profiles.

Quote
the threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information. The information downloaded contained names, email addresses, phone numbers, and some account specific custom profile properties for profiles in those lists or segments. All of these accounts have been notified with the details of which profiles and profile fields were accessed or downloaded.

As far as I know, those 38 customers doesn't mean 38 individuals per se, it could be that one of these 38 could have thousands of crypto related mailing lists already, so this is big.

So for those who may have received some emails, SMS, then be very careful as obviously, this is phishing.

The security incident is on their website: https://www.klaviyo.com/blog/august-2022-security-incident, explaining how the hackers gained access to their system and tips on what to do.