Etison LLC, operating as ClickFunnels, recently identified a data security incident involving compromised checkout pages on their platform. The breach, which affected users between July 21 and July 24, 2024, was caused by an unauthorized individual injecting custom code into the footer script of a ClickFunnels webpage. This unauthorized access was made possible through a third-party contractor’s compromised login credentials.
The investigation revealed that the custom code, which remained active from July 21, 2024, at 4:36 a.m. Mountain Time until July 24, 2024, at 3:58 p.m. Mountain Time, potentially exposed personal information. This included names, email addresses, phone numbers, physical addresses, and credit card details. ClickFunnels has since removed the malicious code and disabled the compromised contractor’s account to prevent further incidents.
In response to the breach, ClickFunnels has taken steps to enhance security and mitigate the impact. The company has audited and remediated its environment and implemented additional measures to protect user data. Affected individuals are being notified and advised to monitor their personal information and take precautionary measures such as reviewing credit reports and account statements for suspicious activity.
ClickFunnels is offering guidance and resources to help users protect their personal information. For further assistance, affected individuals can contact ClickFunnels’ incident response team via email or phone. The company apologizes for any inconvenience caused and remains committed to safeguarding user data.
Reference: