On August 7th, 2024, ViralKit was the victim of a phishing email cyber attack. The attacker used their own external email list (unrelated to ViralKit) and abused ViralKit's sign up system to send phishing emails to that list. We detected the incident within less than an hour and promptly shut it down. There was absolutely no breach of any data from ViralKit's customers or database.
Initially, we believed the attacker had sent these messages by spoofing our email address. However, after further investigation, we discovered that the attacker created fake user accounts on our site using the contacts from their email list. It's important to note that none of these email addresses belonged to existing ViralKit customers or were associated with us in any way.
During the account creation process on ViralKit, users are asked to provide their name and email address. Instead of entering a real name in the "Name" field, the attacker inserted an offensive message. Consequently, the welcome email, which normally says "Hello, [NAME]," instead displayed "Hello, [OFFENSIVE MESSAGE FROM ATTACKER]" to all the fake account sign-ups. The attacker used emails from their list to create fake accounts on ViralKit.
We immediately sent a follow-up email to everyone affected and instructed them to ignore the phishing email, not respond to it, and not click on any links within it. We also put a very visible warning notice on the top of our homepage. In order to prevent this from ever happening again, we implemented the following security measures:
Ignore the unauthorized email you received on August 7th, 2024. It was sent by an attacker and not by ViralKit. Do not click on any links or reply to the email.
We sincerely apologize for any inconvenience or confusion this may have caused. We take the privacy and security of our users very seriously and have taken all necessary steps to prevent this from happening again.
Thank you for your understanding. Please don't hesitate to reach out if you have any questions or concerns.