Ad tech firm Optimizely confirms data breach after vishing attack

Optimizely Hit by Voice Phishing Attack: Cybercriminals Breach Systems, Steal Basic Business Contact Info

In a concerning development for the digital advertising and experimentation landscape, Optimizely—a New York-based ad tech powerhouse with nearly 1,500 employees spread across 21 global offices—has confirmed a data breach following a sophisticated voice phishing (vishing) attack. The breach has sent ripples through the tech world, especially given Optimizely’s impressive client roster, which includes household names like H&M, PayPal, Zoom, Toyota, Vodafone, Shell, Salesforce, and Nike.

The Attack: How It Happened

On February 11, 2025, Optimizely received an alarming notification from threat actors claiming they had successfully infiltrated the company’s systems. The attackers employed a highly targeted and sophisticated voice phishing campaign, a tactic that has become increasingly prevalent in recent months. According to Optimizely’s official statement to BleepingComputer, the breach was initiated when cybercriminals impersonated IT support personnel and convinced employees to divulge sensitive credentials and multi-factor authentication (MFA) codes.

Optimizely clarified that while the attackers accessed certain internal business systems, records in its CRM, and a limited set of internal documents used for back-office operations, they were unable to escalate privileges, install malicious software, or create any backdoors within the Optimizely environment. The company emphasized that there is no evidence the threat actors accessed sensitive customer data or personal information beyond basic business contact details.

Limited Impact, But Caution Advised

Despite the breach being contained to specific internal systems, Optimizely has taken the incident seriously. The company has notified an undisclosed number of affected customers and is urging them to remain vigilant against potential follow-up attacks. Cybercriminals often use stolen data to craft convincing phishing emails, texts, or phone calls designed to trick recipients into revealing passwords, MFA codes, or other sensitive credentials.

Optimizely reassured its customers that business operations continue without disruption, but the incident serves as a stark reminder of the evolving threats facing even well-established tech companies.

The ShinyHunters Connection

While Optimizely has not explicitly named the threat actor behind the attack, the company’s breach notification letters hint strongly at the involvement of the notorious ShinyHunters cybercrime group. This loosely affiliated collective is infamous for its aggressive social engineering tactics, particularly voice phishing campaigns targeting single sign-on (SSO) accounts at major platforms like Microsoft, Okta, and Google.

In recent weeks, ShinyHunters has claimed responsibility for a string of high-profile breaches, including attacks on Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, fintech firm Figure, and online dating giant Match Group (which owns Tinder, Hinge, Match.com, OkCupid, and Meetic). While not all these breaches are part of the same campaign, many share the common thread of vishing attacks designed to hijack SSO accounts and gain access to connected enterprise services.

Evolving Tactics: Device Code Vishing

BleepingComputer first reported that ShinyHunters has recently evolved its tactics, shifting from traditional vishing to device code vishing. This method abuses the legitimate OAuth 2.0 device authorization grant flow to obtain Microsoft Entra authentication tokens. Once inside a victim’s SSO account, the attackers can pivot to access a wide array of enterprise services, including Salesforce, Microsoft 365, Google Workspace, Zendesk, Dropbox, SAP, Slack, Adobe, and Atlassian, among others.
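For defenders, the device code flow leaves a distinct marker in Entra sign-in logs. The following is an added example, not code from Optimizely or BleepingComputer: it flags completed device-code sign-ins in exported sign-in records. It assumes field names from the Microsoft Graph signIn resource; the sample records, users, IPs and the allow-list are constructed.

```python
from collections import defaultdict

# Constructed sample records. Field names follow the Microsoft Graph signIn
# resource; users, IPs, app name and timestamps are invented for this example.
def _rec(ts, user, proto, ip, code=0):
    return {"createdDateTime": ts, "userPrincipalName": user,
            "authenticationProtocol": proto, "ipAddress": ip,
            "appDisplayName": "Example App", "status": {"errorCode": code}}

SAMPLE_SIGNINS = [
    _rec("2025-03-01T09:00:00Z", "alice@example.com", "oAuth2", "198.51.100.10"),
    _rec("2025-03-01T09:05:00Z", "carol@example.com", "oAuth2", "198.51.100.10"),
    _rec("2025-03-02T14:02:00Z", "alice@example.com", "deviceCode", "203.0.113.77"),
    _rec("2025-03-02T14:03:00Z", "bob@example.com", "deviceCode", "203.0.113.77", 70016),
    _rec("2025-03-02T15:00:00Z", "kiosk@example.com", "deviceCode", "198.51.100.20"),
    _rec("2025-03-02T16:00:00Z", "carol@example.com", "deviceCode", "198.51.100.10"),
]

def flag_device_code_signins(records, allowed_users=frozenset()):
    """Return completed device-code sign-ins by users not expected to use the flow."""
    seen_ips = defaultdict(set)  # user -> IPs of that user's earlier successful sign-ins
    alerts = []
    for r in sorted(records, key=lambda r: r["createdDateTime"]):
        user = r["userPrincipalName"].lower()
        if r["status"]["errorCode"] != 0:
            continue  # nonzero errorCode: the sign-in did not complete
        if r.get("authenticationProtocol") == "deviceCode" and user not in allowed_users:
            known_ip = r["ipAddress"] in seen_ips[user]
            alerts.append({
                "time": r["createdDateTime"],
                "user": user,
                "ip": r["ipAddress"],
                "app": r["appDisplayName"],
                # A token issued to an address the user never signed in from is
                # the stronger signal; a known address still merits review.
                "severity": "medium" if known_ip else "high",
                "reason": "device code from known IP" if known_ip
                          else "device code from new IP",
            })
        seen_ips[user].add(r["ipAddress"])
    return alerts

if __name__ == "__main__":
    # kiosk@example.com stands in for a shared device that legitimately uses the flow.
    for alert in flag_device_code_signins(SAMPLE_SIGNINS, {"kiosk@example.com"}):
        print(alert)
```

A preventive control to pair with this detection is a Conditional Access policy that blocks the device code authentication flow for users who do not need it.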

The Broader Threat Landscape

The Optimizely breach underscores a broader trend in cybercrime: the increasing sophistication and persistence of social engineering attacks. Voice phishing, in particular, has proven highly effective because it exploits human trust and urgency, often bypassing technical safeguards. As companies continue to digitize and rely on cloud-based services, the attack surface for such campaigns only grows.

For businesses, the incident is a wake-up call to reinforce employee training on recognizing phishing attempts, implement robust MFA policies, and regularly audit access controls. For consumers and clients of affected companies, it’s a reminder to stay alert for suspicious communications and to never share sensitive information in response to unsolicited requests.

Conclusion

While Optimizely has managed to contain the damage and maintain operational continuity, the breach serves as a potent reminder that no organization is immune to the ever-evolving threat of cybercrime. As threat actors refine their tactics and target high-value organizations, vigilance, education, and proactive security measures remain the best defense.

