Email marketing giant Mailchimp suffered a cybersecurity breach over the weekend, with hackers gaining access to valuable information. The company, which boasts high-profile customers from every sector, said threat actors used an internal tool to steal client data.
And it didn’t stop there. The cybercriminals then used the compromised data to launch phishing campaigns against users of cryptocurrency wallets and exchanges.
Mailchimp confirmed the news on Monday, stating that hackers viewed around 300 user accounts and stole data from 102 of them. Among the victims was the hardware cryptocurrency wallet Trezor, which reported it was the target of phishing campaigns.
Mailchimp Hack – Was Crypto Data the Target?
Cybercriminals keep adding big-name organizations to their lists of victims, with Mailchimp being their most recent target. But was the attack just the first phase of a larger assault? Let’s break it down.
Mailchimp’s Chief Information Security Officer Siobhan Smyth told TechCrunch that the company became aware of the incident on March 26. Smyth explained that threat actors launched a social engineering attack, which takes advantage of human error and manipulates victims. Then, they managed to compromise a customer support and account administration tool and gained unauthorized access.
And even though Mailchimp deactivated the breached employee accounts after discovering the attack, they weren’t quick enough. As a result, hackers still viewed around 300 client accounts and acquired data from 102 of them.
“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected.”
Siobhan Smyth, Mailchimp CISO
Furthermore, the company did not disclose the customers’ names or the type of data hackers obtained. However, the main targets were customers in the cryptocurrency and finance sectors. The attackers also took control of API keys for several clients, enabling them to send fake emails posing as their victims. But Mailchimp deactivated the keys so that the perpetrators can no longer use them.
Smyth continued that they immediately notify their customers when they notice any breach and “take steps to suspend any further access.” The CISO added that they advise their users to use two-factor authentication and other security measures to keep their accounts and passwords secure.
Trezor Among the Victims
The Mailchimp incident surfaced after BleepingComputer reported that Trezor suffered a cyberattack. The crypto wallet tweeted that it was the subject of phishing emails following the attack on Mailchimp. Trezor uses the email marketer to send newsletters to its clients.
The hackers impersonated the hardware wallet in the emails and told customers to download a new version of the Trezor Suite desktop app. If the victim falls for the scam, cybercriminals can steal their PINs and take complete control of their wallets. However, it’s still unclear whether any funds were stolen.
Trezor revealed in a blog post that the attack was quite sophisticated, with a high level of detail. The counterfeit app looked very similar to the original one and even presented realistic functionality to anyone who installed it.