THREATNOIR
Subscribe
Back to Feed
BreachesJun 5, 2026

Tradeify Data Breach: Hacker Claims to Leak 240K+ Customer Records

Tradeify trading platform hit by data breach exposing 240K+ customer records via exposed Klaviyo API key.

Read at source

Summary

A threat actor named macaroni claims to have breached Tradeify, an online trading platform, by exploiting a Klaviyo private API key hardcoded in client-side JavaScript. The alleged exfiltration includes 240,174 customer profiles containing names, emails, phone numbers, physical addresses, purchase history, and CRM metadata. The breach remains unconfirmed by independent sources and Tradeify has not publicly acknowledged the incident.

Full text

Data240K+ profiles PriceFree leak CountryUnited States Actormacaroni ▣Post details TargetTradeify (online trading platform) CountryUnited States SectorFinancial Services / Trading ClaimFull customer CRM dumped via exposed API key Data240,174 customer profiles (Klaviyo CRM) ObservedJun 5, 2026 PriceFree leak (reply-gated) Actormacaroni (MVP user) !Allegedly exposed 240,174 customer profiles (claimed) Full names Email addresses Phone numbers Physical addresses (city, state, zip, country) Purchase history (limited) Account metadata / custom properties Klaviyo CRM profile data ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, a CRM of 240,000+ customer profiles, names, emails, phone numbers, physical addresses, and purchase history, would be highly valuable for phishing, fraud, and identity theft, made worse by the fact that the victims are users of a financial and trading service. The poster also claims the exposed API key remained active, which, if true, could allow continued data access or tampering until the credential is rotated. Record counts and authenticity are unconfirmed. iStatus Unverified Customer profile samples and a claimed exfiltration method were posted to an underground forum behind a reply gate; the sample records and the API credential referenced in the post are not reproduced here. The claim has not been independently confirmed and Tradeify has not publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE

Indicators of Compromise

  • malware — macaroni

Entities

Klaviyo (product)Tradeify (product)macaroni (threat_actor)