Optimizely, a New York ad tech firm, recently informed customers of a data breach resulting from a sophisticated voice phishing attack on its internal systems. While the company serves over 10,000 major brands, it reported that the unauthorized access was limited to basic business contact information and did not compromise sensitive customer data.

The incident began in early February when threat actors contacted the company claiming to have infiltrated its environment. Optimizely later confirmed that the breach occurred through a targeted voice phishing campaign, which allowed the attackers to gain entry into specific internal systems. Despite this initial access, the company stated that the intruders were unable to elevate their administrative privileges, install malicious software, or establish permanent backdoors within the network.

A subsequent investigation revealed that the breach was confined to certain customer relationship management records and a small selection of documents used for back-office tasks. The company emphasized that its primary business operations remained unaffected and continued to run without any technical disruption. Because the hackers could not move deeper into the infrastructure, the most sensitive layers of the platform remained secure throughout the event.

The data stolen during the attack appears to be restricted to basic professional contact details rather than financial records or deeply personal information. This type of data is often sought by cybercriminals to facilitate follow-up scams. Although the scope of the theft was limited, the company is taking the matter seriously by notifying the specific number of clients whose records were housed in the affected internal files.

In response to the discovery, the firm has issued warnings to its global client base, which includes numerous high-profile corporations and thousands of employees. Affected parties are being encouraged to remain vigilant against potential secondary attacks. The company noted that stolen contact information is frequently used to craft convincing emails, text messages, or phone calls designed to trick individuals into revealing login credentials or multi-factor authentication codes.

To prevent further issues, the organization is monitoring its systems closely and advising users to be skeptical of any unsolicited requests for sensitive security information. By disclosing the nature of the voice phishing tactic used, the company aims to help its partners recognize similar social engineering attempts in the future. The investigation into the full extent of the system compromise is considered complete as the firm focuses on reinforcing its defensive measures.

Source: Ad Tech Firm Optimizely Confirms Data Breach Following Vishing Attack