One of the biggest marketing automation platforms and email marketing services, MailChimp, was breached over the weekend, with attackers getting away with more than a hundred mailing lists.
The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.
As reported by BleepingComputer, MailChimp announced the breach on Sunday. Apparently, a number of employees fell for a social engineering attack, and had their credentials stolen (opens in new tab).
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Targeting Trezor users
The stolen accounts were quickly terminated, and MailChimp took additional steps to prevent other employees from being affected, the company said. But the damage had already been done.
With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported “audience data”, including mailing lists from 102 customer accounts.
They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.
One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor. Soon after the breach, Trezor customers started getting an email that stated that the company had suffered a data breach, and invited users to download a program to help them reset the PINs on their hardware wallets.
The program disguised a malware (opens in new tab) strain that allowed attackers to steal the contents of the wallet.
> What is phishing and how dangerous is it? (opens in new tab)
> Hackers have found a clever new way to steal your Microsoft 365 credentials (opens in new tab)
> Google update looks to help you spot Workspace phishing scams (opens in new tab)
Siobhan Smyth, Mailchimp’s CISO, told BleepingComputer that the company notified all of the compromised account holders, which included those in the cryptocurrency and finance sectors.
She reiterated the importance of having multi-factor authentication as an added layer of protection against attacks.
"We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data (opens in new tab) and prevent future incidents,” Smyth said.
Via BleepingComputer (opens in new tab)