Mailchimp Hacked – Hackers Breached It to Target Crypto Customers With a Phishing Scam
On Monday, Mailchimp, a provider of email marketing services, disclosed a security breach that allowed hackers to gain access to customers’ accounts and stage phishing attacks.
Mailchimp has confirmed that its service has been compromised by an insider targeting crypto companies like Trezor.
Trezor is a hardware wallet company whose products are used to manage and trade cryptocurrencies.
What did Mailchimp say?
“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” Siobhan Smyth, Mailchimp’s chief information security officer, was quoted as saying.
“Mailchimp have confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor later tweeted. “We have managed to take the phishing domain [trezor.us] offline,” the company added, warning its users to refrain from opening any emails from the company until further notice.
“On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration,” Mailchimp CISO Siobhan Smyth told BleepingComputer.
“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”
“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected.”
The credentials were used to access 319 Mailchimp accounts and export audience data, likely mailing lists, from 102 customer accounts.
Mailchimp recommends that all customers enable two-factor authentication on their accounts for further protection.
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” said Siobhan Smyth, Mailchimp’s CISO.
“This attack is exceptional in its sophistication and was clearly planned to a high level of detail,” Trezor explained. “The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.”
“We immediately took steps to disable phishing sites and are taking further steps to stop the continuation of this phishing attack.” — Tomáš Sušánka, CTO of Trezor.
Compromised email addresses may be targeted again in future so please report any new phishing attempts directly to [email protected]
Domains trezor(.)us and suite(.)xn--trzor-o51b(.)com have been taken down.
— Trezor (@Trezor) April 3, 2022