A Mailchimp hack means that you’ll want to be even more vigilant than usual about phishing emails. Attackers have taken a clever approach to making their emails appear genuine …
Background
When you subscribe to an email list, there’s a decent chance that the emails you receive are actually sent by a company called Mailchimp, rather than directly by the company itself. Mailchimp offers companies a range of tools that make it easy to manage email databases, and send marketing emails and newsletters.
Mailchimp is an all-in-one Marketing Platform for small business. We empower millions of customers around the world to start and grow their businesses with our smart marketing technology, award-winning support, and inspiring content […]
Mailchimp was designed as an alternative to the oversized, expensive email software of the early 2000s. It gave small business owners who lacked the high-end tools and resources of their larger competitors access to technology that empowered them and helped them grow.
Although originally targeting small businesses, it is now used by some larger ones too.
Mailchimp hack
Engadget reports that hackers managed to gain access to more than 100 Mailchimp customer accounts, giving them the ability to send emails that would appear to have come from any one of those businesses. One of the affected email lists was that of cryptocurrency company Trezor, with attackers trying to gain access to its users’ wallet credentials.
Trezor users over the weekend received emails claiming that their accounts were compromised in a data breach. The email included a purported link to an updated version of Trezor Suite, along with instructions to set up a new pin — though in actuality it was a phishing site meant to capture the contents of their digital wallets.
In a tweet on Sunday, Trezor confirmed that the emails were a part of a sophisticated phishing campaign by a malicious actor that targeted MailChimp’s newsletter database. “The Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration,” Trezor wrote in a blog post.
Metaverse platform Decentraland said it was another of the accounts breached. The identity of the others is not yet known, but Mailchimp has contacted all affected companies, so we can expect more warnings to follow.
We recently outlined key cybersecurity precautions, including a warning never to click on links in emails, even if they appear genuine.