Swan Bitcoin, a Bitcoin-focused savings firm, revealed that it has been affected by a recent data breach at its newsletter provider, Klaviyo.
According to an email seen by Decrypt and shared by the firm on Twitter, Klaviyo informed Swan Bitcoin about a security incident on August 7.
Swan Bitcoin stated that “the incident is the result of a phishing by one of their employees, which led to their internal systems being compromised and Swan’s email list being downloaded.”
“We are notifying you of this incident because you are a subscriber to our email list and your email was leaked as a result of Klaviyo’s security incident,” the email added.
On August 7, Klaviyo, a company we use for email communications, notified us of a security incident on their system.
A Klaviyo employee was phished, and 44 companies in the bitcoin and crypto industries were affected, including Swan.
Read Corey’s email below. pic.twitter.com/JsXaSGryMB
— Swan.com (@SwanBitcoin) 10 August 2022
The crypto firm said that the leaked data included customers’ first names (no last names), email addresses, IP-based geolocation data identifying cities (in some cases), as well as information on how the user originally joined the company’s email list.
Swan Bitcoin also confirmed that about 0.3% of the leaked dataset contained an old snapshot of historical USD deposit information covering the period prior to March 2022. This means that only information about transfers between accounts was revealed in this 0.3%.
The Los Angeles-based firm said it has no evidence that customer information is being targeted or misused. However, it warned of possible phishing attempts to obtain more information from affected customers.
“Assume that all emails, texts and phone calls asking for sensitive information are not genuine,” the email reads.
Data leak affects 44 crypto firms
Klaviyo reported the incident in a separate blog post, saying that the breach resulted from a phishing attack on August 3. The hackers allegedly managed to steal the login credentials of one of its employees.
These login credentials were then used to access the employee’s account and internal Klaviyo support tools.
Klaviyo said it immediately revoked access for the compromised user and removed the threat actor from its systems. The company also notified law enforcement and worked with an unnamed leading cybersecurity firm to investigate the breach.
Importantly, Klaviyo explained that the attack was primarily targeting crypto businesses that had chosen the platform for their marketing activities.
“The threat actor primarily used internal customer support tools to search for crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor listed or downloaded segment information,” Klaviyo said in its blog post.
According to the company, the hackers obtained customers’ names, email addresses, phone numbers, as well as “certain account specific custom profile properties.” Klaviyo said it has notified owners of all accounts whose details and profile fields were accessed or downloaded.
Founded in 2012 and based in Boston, MA, Klaviyo raised a $320 million Series D funding round in May 2021, raising the firm’s valuation to over $9 billion. Klaviyo said it served more than 70,000 paying customers at the time.
Decrypt contacted Klaviyo for more details about the incident and will update the article if we hear back.
The data leak at Klaviyo also comes hot on the heels of reports that Mailchimp, another popular email marketing platform, is suspending the accounts of crypto-related content creators and media outlets.
Affected businesses include self-custodial crypto wallet Edge, crypto intelligence firm Messari, and Decrypt, as the development has once again exposed Web3 companies’ yet-to-be-resolved reliance on legacy Web2 solutions.