Optimizely, a prominent ad tech company, has been the target of a cyberattack orchestrated through a sophisticated vishing technique, leading to unauthorized access to certain internal systems. The incident was swiftly addressed, preventing further escalation.
Details of the Cyberattack
The intrusion involved a voice phishing (vishing) strategy, which allowed attackers to penetrate Optimizely’s internal network. However, they were unable to elevate their access privileges, install malicious software, or create any persistent threats within the company’s environment. Following the breach, Optimizely assured that no sensitive customer data or personal information was compromised.
In response, the company proactively informed its customers, emphasizing that business operations remained uninterrupted. The attackers gained access to specific internal systems, including Zendesk and Salesforce CRM records, as well as some back-office documents.
Response and Investigation
Optimizely has taken significant measures by notifying law enforcement and engaging third-party cybersecurity experts to assist with the investigation. Legal counsel has also been involved to ensure a thorough response to the breach.
The company has committed to transparency, keeping its customers and partners informed about the incident’s scope and ongoing developments. Regular updates and guidance have been provided to those potentially affected.
Potential Threat Actor
While Optimizely has not officially named the responsible party, the nature of the attack suggests possible involvement of the ShinyHunters extortion group, known for similar cyber activities. This group has a history of targeting organizations to extort sensitive data.
Based in New York, Optimizely is a major player in the digital experience platform market, boasting a global presence with 21 offices and nearly 1,500 employees. The company serves over 10,000 businesses, including notable clients such as H&M, PayPal, Toyota, Vodafone, and Zoom.
The incident underscores the ongoing risks and vulnerabilities faced by tech companies in the digital age, highlighting the importance of robust cybersecurity measures.
