United States
Finance
Tradeify Data Breach: Hacker Claims to Leak 240K+ Customer Records
A threat actor using the alias macaroni claims to have exfiltrated the full customer CRM of Tradeify, an online trading platform, by abusing a Klaviyo private API key that was reportedly hardcoded in the site's client-side JavaScript. The post advertises 240,174 unique customer profiles, including full names, emails, phone numbers, physical addresses, and limited purchase history, shared behind a reply gate. The claim is unverified and Tradeify has not publicly addressed it.
United States▣Post details
United States!Allegedly exposed
- 240,174 customer profiles (claimed)
- Full names
- Email addresses
- Phone numbers
- Physical addresses (city, state, zip, country)
- Purchase history (limited)
- Account metadata / custom properties
- Klaviyo CRM profile data
◱Screenshot
⚠Potential impact
If genuine, a CRM of 240,000+ customer profiles, names, emails, phone numbers, physical addresses, and purchase history, would be highly valuable for phishing, fraud, and identity theft, made worse by the fact that the victims are users of a financial and trading service. The poster also claims the exposed API key remained active, which, if true, could allow continued data access or tampering until the credential is rotated. Record counts and authenticity are unconfirmed.
iStatus
UnverifiedCustomer profile samples and a claimed exfiltration method were posted to an underground forum behind a reply gate; the sample records and the API credential referenced in the post are not reproduced here. The claim has not been independently confirmed and Tradeify has not publicly addressed it.
DARK WEB INFORMER - THREAT INTELLIGENCE
