ClickFunnels is investigating a knowledge breach after hackers leaked detailed enterprise knowledge, together with emails, cellphone numbers, and firm profiles.
A hacking group calling itself “Satanic” claims to have breached ClickFunnels, a preferred US-based software program platform utilized by entrepreneurs and entrepreneurs to construct gross sales funnels. The group is thought for utilizing BreachForums to announce its breaches however for the reason that discussion board is down; it made the announcement by way of Telegram, claiming that knowledge from the corporate was stolen on April 29, 2025.
Of their publish, the hackers alleged that they accessed ClickFunnels via a 3rd social gathering and revealed particulars of what they are saying was taken. In line with the message, the breach consists of:
- Adyen-related knowledge: 90,000 distinctive cellphone numbers and 69,000 distinctive electronic mail addresses.
- ClickFunnels knowledge: Two massive knowledge tables, one with 514,000 entries and one other with 460,000.
Who’s Adyen?
On your data, Adyen is a world monetary know-how firm based mostly within the Netherlands that gives cost processing providers for companies. Regardless of the hacker group “Satanic” mentioning “Adyen” of their breach claims, there isn’t a indication that Adyen itself was compromised (Except hackers can show in any other case).
The group referenced 90,000 distinctive cellphone numbers and 69,000 distinctive electronic mail addresses underneath the “Adyen” label, however this seemingly refers to knowledge processed by way of ClickFunnels’ integration with Adyen, not a direct breach of Adyen’s programs.
Nonetheless, earlier in April 2025, Adyen did undergo a DDoS assault that quickly disrupted providers in elements of Europe, however the firm confirmed that no buyer knowledge was uncovered throughout that incident. As of now, Adyen has not reported any breach, and the claims made by the hacker group stay unverified.
ClickFunnels Responds After Being Notified
Hackread.com contacted ClickFunnels concerning the claims. The corporate was unaware of any such breach previous to being knowledgeable by Hackread. In response, a ClickFunnels spokesperson stated: “We now have not noticed any suspicious exercise or proof indicating a knowledge breach involving ClickFunnels programs.”
The corporate requested Hackread.com to share the information to permit for inner evaluate. Hackread complied, and the investigation is now ongoing.
Knowledge Evaluation
The information linked to the alleged ClickFunnels breach seems to be structured and extremely detailed, suggesting it may very well be official. Every entry consists of fields reminiscent of firm area, estimated tech spend, gross sales income, worker roles, and a number of contact factors, together with cellphone numbers and emails.
The presence of metadata like Tranco and Web page Rank scores, social media profiles, and timestamps reminiscent of “First Detected” and “Final Listed” signifies that this isn’t randomly scraped knowledge, however relatively data seemingly pulled from a advertising analytics or CRM system.
The dataset additionally displays business-level profiling sometimes used for lead era or gross sales concentrating on, not simply uncooked consumer data. Its degree of group and depth helps the chance that it got here from inside a official system tied to ClickFunnels or considered one of its built-in third-party providers. Nonetheless, solely ClickFunnels can definitively affirm its authenticity.
Questions Round Third-Occasion Threat
Whereas the hacker group particularly talked about a breach “from a third-party,” they didn’t make clear whether or not this was a vendor, service supplier, or integration level. That element may matter tremendously, as breaches via third-party providers are sometimes more durable to detect and attribute.
On the time of writing, there isn’t a public affirmation of a breach from ClickFunnels or Adyen. The hacker group’s claims stay unverified, although ClickFunnels is now reviewing the shared knowledge.
If validated, this is able to mark a serious breach given the dimensions of the alleged dataset and the character of the platform’s consumer base, which incorporates a lot of small enterprise homeowners and on-line entrepreneurs.
ClickFunnels, based in 2014, has grown quickly with out exterior funding and is utilized by 1000’s of corporations to handle digital gross sales operations. The platform handles important volumes of buyer knowledge via its touchdown pages, cost integrations, and electronic mail programs.
UPDATE: ClickFunnels Finds No Proof of Knowledge Breach
ClickFunnels has denied any breach of its programs following claims by a hacker group that knowledge had been stolen. In a direct electronic mail to Hackread.com, Addison Watson, Basic Counsel at ClickFunnels, said:
“After rigorously reviewing the supplied data and conducting an intensive inner investigation, we will unequivocally affirm that this data was not derived from a breach of ClickFunnels safety programs.”
The corporate additionally thanked the publication for sharing the dataset in an accessible format and permitting them the chance to remark previous to publication. Watson added that ClickFunnels now considers the matter closed and is anticipating an up to date article to mirror their findings.
Nonetheless, customers of ClickFunnels ought to nonetheless stay alert for any uncommon account exercise and take into account reviewing their account settings, particularly in the event that they use shared credentials throughout platforms.
