The threat actor gained access to Optimizely's systems through a sophisticated voice-phishing attack, but was unable to escalate privileges, install software, or create any backdoors in the Optimizely environment. The incident was confined to certain internal business systems including Zendesk, records in our Salesforce CRM, and a limited set of internal documents used for back-office operations.