MailChimp breach exposes hundreds of customer accounts

One of the largest marketing automation platforms and email marketing services, MailChimp, was hacked over the weekend, with attackers making off with over a hundred mailing lists.

The mailing lists were then used to send phishing emails to the people on them, with the aim of stealing their money and cryptocurrency holdings.

As reported by BleepingComputer, MailChimp announced the breach on Sunday. Apparently, several employees fell for a social engineering attack and had their credentials stolen.

Targeting Trezor users

The compromised accounts were quickly terminated and MailChimp took additional steps to prevent other employees from being affected, the company said. But the damage was done.

Using the stolen credentials, the attackers accessed 319 MailChimp accounts and exported "audience data", including mailing lists from 102 customer accounts.

They also accessed the (now defunct) API keys of an unknown number of clients. With the keys, attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

One of the companies whose customers were targeted by a phishing attack was hardware crypto wallet company Trezor. Shortly after the breach, Trezor customers began receiving an email saying that the company had suffered a data breach and asking users to download a program to help them reset their hardware wallet PINs.

The program was malware in disguise, and it allowed attackers to steal the contents of the wallet.

Siobhan Smyth, CISO at Mailchimp, told BleepingComputer that the company notified all compromised account holders, including those in the cryptocurrency and finance industries.

Smyth reiterated the importance of having multi-factor authentication as an additional layer of protection against attacks.

"We sincerely apologize to our users for this incident and realize that it brings inconvenience and questions for our users and their customers. We are proud of our security culture, our infrastructure, and the trust our customers place in us to protect their [...] They trust the security measures and robust processes we have in place to protect our users' data and prevent future incidents," Smyth said.

Via BleepingComputer