ClickFunnels has initiated an investigation into a potential data breach following claims from a hacking group known as “Satanic.” The group asserts that it has accessed sensitive business information, including emails, phone numbers, and company profiles, leading ClickFunnels to examine the integrity of its security systems. This US-based platform is widely used by marketers and entrepreneurs for creating sales funnels and customer engagement strategies.
The hackers reportedly announced their breach via Telegram, given BreachForums’ current unavailability. They claim to have compromised ClickFunnels through a third-party source, with specific reference to a data leak that allegedly occurred on April 29, 2025. In their disclosure, the group detailed that the breach includes data correlated with Adyen, a global financial technology firm known for processing payments, which is based in the Netherlands.
Moonlighting as a publicity stunt, the hackers mentioned 90,000 unique phone numbers and 69,000 unique email addresses associated with Adyen. However, ClickFunnels is investigating whether this data truly stems from a breach of Adyen itself or is merely an outcome of data processed through ClickFunnels’ platform. While Adyen recently faced a DDoS attack, the company confirmed that no customer data was exposed during that incident, leaving uncertainty about the claims made by the hackers.
Upon notification from Hackread.com, ClickFunnels stated it had been unaware of any data compromise and expressed no evidence for a breach affecting its systems. A company spokesperson articulated that ongoing monitoring did not reveal any suspicious activity. Following the inquiry, ClickFunnels requested that Hackread.com share the purported stolen data for further analysis, which the site complied with, resulting in an ongoing investigation.
The quality and structure of the data linked to the alleged breach raise concerns. It is reportedly detailed and well-organized, suggesting a high likelihood of legitimacy. The information appears to include fields such as company domains, estimated technology expenditures, sales revenues, employee designations, and various contact details. The presence of metadata relating to Tranco scores and timestamps implies this data was dredged from a marketing analytics or customer relationship management system rather than synthesized from web scraping. Such complexity implies a sophisticated level of data aggregation typically employed for lead generation or marketing targeting.
The implication that the breach transpired via a third-party connection presents further questions surrounding vendor and service provider risks. The lack of a definitive source complicates understanding the breach’s origin, heightening the risks to businesses that rely on interconnected services. As it stands, both ClickFunnels and Adyen have not publicly confirmed any breach, and the hacker group’s assertions remain unverified.
In an important update, ClickFunnels has formally denied any allegations of a breach after reviewing the information provided by Hackread.com. Addison Watson, General Counsel at ClickFunnels, asserted that a comprehensive investigation revealed no evidence supporting the hackers’ claims. He acknowledged the publication’s role in sharing the data in a usable format, enabling ClickFunnels to address the matter thoroughly. As of now, the company considers this investigation closed but encourages its users to remain vigilant for any unusual activity in their accounts.
The handling of this incident aligns well with potential tactics outlined in the MITRE ATT&CK framework, particularly concerning initial access through third-party associations, which could lead to unauthorized data exposure. The ongoing scrutiny of such claims emphasizes the necessity for businesses to fortify their cybersecurity postures and maintain vigilant monitoring for any irregularities, especially in an increasingly interconnected digital landscape.
