[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMDRclVXBu8rQ13iTveY4ef_RPWGGFBxkWg0haGgK8Y8":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":31},"3df575dc-b576-4abd-99a9-aaa3a1beb5b3","Tradeify Data Breach: Hacker Claims to Leak 240K+ Customer Records","tradeify-data-breach-hacker-claims-to-leak-240k-customer-records-18025e","A threat actor using the alias macaroni claims to have exfiltrated the full customer CRM of Tradeify, an online trading platform, by abusing a Klaviyo private API key that was reportedly hardcoded in the site&#x27;s client-side JavaScript.","A threat actor named macaroni claims to have breached Tradeify, an online trading platform, by exploiting a Klaviyo private API key hardcoded in client-side JavaScript. The alleged exfiltration includes 240,174 customer profiles containing names, emails, phone numbers, physical addresses, purchase history, and CRM metadata. The breach remains unconfirmed by independent sources and Tradeify has not publicly acknowledged the incident.","Tradeify trading platform hit by data breach exposing 240K+ customer records via exposed Klaviyo API key.","Data240K+ profiles PriceFree leak CountryUnited States Actormacaroni ▣Post details TargetTradeify (online trading platform) CountryUnited States SectorFinancial Services \u002F Trading ClaimFull customer CRM dumped via exposed API key Data240,174 customer profiles (Klaviyo CRM) ObservedJun 5, 2026 PriceFree leak (reply-gated) Actormacaroni (MVP user) !Allegedly exposed 240,174 customer profiles (claimed) Full names Email addresses Phone numbers Physical addresses (city, state, zip, country) Purchase history (limited) Account metadata \u002F custom properties Klaviyo CRM profile data ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, a CRM of 240,000+ customer profiles, names, emails, phone numbers, physical addresses, and purchase history, would be highly valuable for phishing, fraud, and identity theft, made worse by the fact that the victims are users of a financial and trading service. The poster also claims the exposed API key remained active, which, if true, could allow continued data access or tampering until the credential is rotated. Record counts and authenticity are unconfirmed. iStatus Unverified Customer profile samples and a claimed exfiltration method were posted to an underground forum behind a reply gate; the sample records and the API credential referenced in the post are not reproduced here. The claim has not been independently confirmed and Tradeify has not publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE","https:\u002F\u002Fdarkwebinformer.com\u002Ftradeify-data-breach-hacker-claims-to-leak-240k-customer-records\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F06\u002F23876952387948972349872365798236.png","2026-06-05T17:06:58+00:00","2026-06-05T18:00:11.701+00:00",8,[18,21,23],{"name":19,"type":20},"Klaviyo","product",{"name":22,"type":20},"Tradeify",{"name":24,"type":25},"macaroni","threat_actor","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":26,"icon":28,"name":29,"slug":30},null,"Breaches","breaches",[32,37,42],{"category":33},{"id":34,"icon":28,"name":35,"slug":36},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":38},{"id":39,"icon":28,"name":40,"slug":41},"614132b8-5837-4952-b8b5-c6c9a32a1d85","Privacy","privacy",{"category":43},{"id":44,"icon":28,"name":45,"slug":46},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[48],{"type":49,"value":24,"context":50},"malware","Threat actor alias claiming responsibility for Tradeify data exfiltration"]