One of the biggest marketing automation platforms and email marketing services, MailChimp, was breached over the weekend, with attackers getting away with more than a hundred mailing lists.
The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.
As reported by BleepingComputer, MailChimp announced the breach on Sunday. Apparently, a number of employees fell for a social engineering attack, and had their credentials stolen.
Targeting Trezor users
The stolen accounts were quickly terminated, and MailChimp took additional steps to prevent other employees from being affected, the company said. But the damage had already been done.
With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported “audience data”, including mailing lists from 102 customer accounts.
They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.
One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor. Soon after the breach, Trezor customers started getting an email that stated that the company had suffered a data breach, and invited users to download a program to help them reset the PINs on their hardware wallets.
The program disguised a malware strain that allowed attackers to steal the contents of the wallet.
Siobhan Smyth, Mailchimp’s CISO, told BleepingComputer that the company notified all of the compromised account holders, which included those in the cryptocurrency and finance sectors.
She reiterated the importance of having multi-factor authentication as an added layer of protection against attacks.
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” Smyth said.
Via BleepingComputer