OPTIMIZELY , the ad tech firm, has confirmed that threat actors gained access to certain internal business systems through a sophisticated voice phishing (vishing) attack, according to SecurityWeek. The company said the incident was immediately contained, the affected systems secured, and the unauthorised access terminated, with no evidence of sensitive customer data or personal information being compromised; it has proactively notified customers of the incident.
Optimizely described the intrusion as confined to internal systems including Zendesk, Salesforce CRM records, and a limited set of internal back‑office documents, and stated that the incident did not disrupt its operations. It has notified law enforcement and engaged third‑party cybersecurity experts and legal counsel to aid with the investigation, emphasising transparency with customers and partners as updates continue.
While Optimizely did not name the threat actor, SecurityWeek notes that the description suggests the infamous ShinyHunters extortion group might have been responsible. Written by Ionut Arghire, the piece was published on 25 February 2026. according to SecurityWeek