• Ad tech firm Optimizely confirms data breach after vishing attack February 23, 2026 01:04 PM 0 New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. • Optimizely has nearly 1,500 employees across 21 global offices, and its customer list includes over 10,000 businesses, including high-profile brands like H&M, PayPal, Zoom, Toyota, Vodafone, Shell, Salesforce, and Nike. • In breach notification letters sent to affected customers, the company, the threat actors reached out on February 11, claiming they had access to its systems. • Optimizely also told BleepingComputer that the attackers breached some of its systems and stole what it described as “basic business contact information.” “The threat actor gained access to Optimizely’s systems through a sophisticated voice-phishing attack, but was unable to escalate privileges, install software, or create any backdoors in the Optimizely environment, and we have no evidence that the threat actor was able to access sensitive customer data or personal information beyond basic business contact information,” it said. • Optimizely also noted the “incident was confined to certain internal business systems, records in our CRM, and a limited set of internal documents used for back-office operations,” and added that its “business operations continue without disruption.” The company also warned customers to be wary of attacks that could use some of the stolen data in further phishing attempts, which may use calls, texts, or emails to ask for passwords, MFA codes, or other credentials. • ShinyHunters links While Optimizely didn’t share how many customers had their information exposed in the data breach and has yet to name the threat actor behind the attack, it told affected customers that “the communication we received is consistent with the behavior of a loosely affiliated group who use sophisticated and aggressive

Article Summaries:

  • New York‑based ad‑tech firm Optimizely confirmed a data breach after threat actors compromised its systems via a sophisticated voice‑phishing (vishing) attack. The attackers gained access to internal business systems and basic contact information from the company’s CRM, but Optimizely reports no evidence of privilege escalation, malware installation, or access to sensitive customer data. The breach affected an undisclosed number of its 10,000‑plus customers, including brands such as H&M, PayPal, Zoom, and Nike. Optimizely warned customers to guard against follow‑up phishing attempts using the stolen data and noted the incident is likely linked to the ShinyHunters group.
  • New York‑based ad‑tech firm Optimizely confirmed a data breach after threat actors used a sophisticated voice‑phishing (vishing) attack to gain access to some internal systems. The attackers claimed to have accessed Optimizely’s environment on February 11, but the company reports they were unable to elevate privileges, install software, or create backdoors. Only “basic business contact information” was reportedly stolen, with no evidence of sensitive customer data or personal information being compromised. Optimizely warned affected customers that the stolen data could be used in future phishing attempts and noted the incident was confined to internal business systems, CRM records, and limited back‑office documents.

Sources: