Mailchimp, the veteran email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its customers, and that the data was used to conduct phishing attacks on users of cryptocurrency services.
The breach was confirmed to the press by Mailchimp on Monday, but had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.
MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies.
We managed to take the phishing domain offline. We’re trying to determine how many email addresses are affected. 1/
— Trezor (@Trezor) April 3, 2022
In a statement sent to The Verge, Siobhan Smyth, Mailchimp’s CISO, said the company became aware of the breach on March 26 when it discovered unauthorized access to a tool used by the company’s customer support and account management teams. Although Mailchimp disabled the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them, Smyth said.
“We sincerely apologize to our users for this incident and recognize the inconvenience it causes and the questions it raises for our users and their customers,” said Smyth. “We pride ourselves on our security culture, infrastructure and the trust our customers place in us to protect their data. We trust the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”
However, details of the hack show that the compromise of Mailchimp’s internal tools was just one piece in a larger puzzle. As Bleeping Computer reports, one of the stolen email lists was used to send a fake data breach notification to Trezor customers, urging them to download a new version of the Trezor Suite desktop application. In fact, the email directed users to a phishing site that hosted a fake version of the application designed to steal the seed phrase, which would allow hackers to take complete control of a user’s cryptocurrency wallet. It is currently unclear if funds were stolen from Trezor users as a result of the attack.
In a blog post published on Monday, Trezor said the attack was “extraordinary in its sophistication and … clearly planned down to the last detail,” with the cloned version of the Trezor Suite app offering realistic functionality to whoever installed it. SatoshiLabs, the makers of the Trezor wallet, have yet to respond to any further questions from The Verge.
So far, Mailchimp’s analysis has revealed that the attackers have focused on obtaining data from users in the cryptocurrency and financial sectors. Unfortunately for Trezor users – and for customers of any other organization whose data has been compromised – it is safe to say that a skilled attacker now has knowledge of users’ email contact details and possibly the type of cryptocurrency hardware and software they are using.
Trezor device users are advised to report new phishing attempts directly to [email protected]. Mailchimp has stated that the owners of all other compromised accounts have been notified, so more notifications from affected companies are likely to appear soon.