Mailchimp, the veteran email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its customers, then used that data to conduct phishing attacks on users of cryptocurrency services.
The breach was confirmed to the press by Mailchimp on Monday, but had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.
MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies.
We managed to take the phishing domain offline. We’re trying to determine how many email addresses are affected. 1/
— Trezor (@Trezor) April 3, 2022
In a statement sent to The Verge, Mailchimp CISO Siobhan Smyth said the company became aware of the breach on March 26 when it discovered unauthorized access to a tool used by the company’s customer support and account management teams. Although Mailchimp disabled the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them, Smyth said.
“We sincerely apologize to our users for this incident and recognize the inconvenience it causes and the questions it raises for our users and their customers,” said Smyth. “We pride ourselves on our security culture, infrastructure and the trust our customers place in us to protect their data. We trust the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”
However, details of the hack show that the compromise of Mailchimp’s internal tools was just one piece in a larger puzzle. As Bleeping Computer reported, one of the stolen email lists was used to send a fake data breach notification to Trezor customers, prompting them to download a new version of the Trezor Suite desktop application. In fact, the email directed users to a phishing site that hosted a fake version of the application designed to steal the seed phrase that would allow hackers to take complete control of a user’s cryptocurrency wallet. It is currently unclear if funds were stolen from Trezor users as a result of the attack.
In a blog post published on Monday, Trezor said that the attack was “extraordinary in its sophistication and … clearly planned down to the smallest detail”, with the cloned version of the Trezor Suite app offering realistic functionality to anyone who installed it. SatoshiLabs, the makers of the Trezor wallet, have not yet responded to additional questions sent by The Verge.
So far, Mailchimp’s analysis has revealed that the attackers have focused on obtaining data from users in the cryptocurrency and financial sectors. Unfortunately for Trezor users – and for customers of any other organization whose data has been compromised – it is safe to say that a skilled attacker now has knowledge of users’ email contact details and possibly the type of cryptocurrency hardware and software they are using.
Trezor device users were advised to report new phishing attempts directly to firstname.lastname@example.org. Mailchimp has stated that the owners of all other compromised accounts have been notified, so more notifications from affected companies are likely to appear soon.
https://www.theverge.com/2022/4/4/23010317/hackers-mailchimp-trezor-cryptocurrency-phishing Hackers breached Mailchimp to phish cryptocurrency wallets