"The threat actor gained access to Optimizely's systems through a sophisticated voice-phishing attack, but was unable to escalate privileges, install software, or create any backdoors in the Optimizely environment. The incident was confined to certain internal business systems including Zendesk, records in our Salesforce CRM, and a limited set of internal documents used for back-office operations."
"Optimizely says it has no evidence of any sensitive customer data or personal information being compromised in the attack, but has proactively notified its customers of the incident. The company said the incident did not disrupt its operations and confirmed that the attackers were able to access business contact information."
"We are prioritizing transparency with our customers and partners; we have informed them of the incident and its scope and are continuing to provide updates and individual guidance to them directly. Optimizely has notified law enforcement of the attack and has engaged third-party cybersecurity experts and legal counsel to aid with the investigation."
Ad tech firm Optimizely experienced a sophisticated voice phishing attack that granted threat actors access to internal business systems including Zendesk, Salesforce CRM records, and internal documents. The attackers were unable to escalate privileges, install software, or create backdoors. No sensitive customer data or personal information was compromised, and operations continued uninterrupted. Attackers accessed only business contact information. Optimizely immediately contained the incident, secured affected systems, and terminated unauthorized access. The company notified customers, law enforcement, and engaged third-party cybersecurity experts and legal counsel for investigation.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]