Exploit: Phishing
Klaviyo: Email Marketing Firm
Risk to Business: 2.284 = Severe
In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates. The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts.
Individual: 2.284 = Severe
Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.
How It Could Affect Your Customers’ Business: Phishing is the most likely way for any organization to open the door to a data breach.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
