Infosec at Stake: Hackers Breach Mailchimp to Phish Crypto Wallets

Photo by olieman.eth on Unsplash

Email marketing firm, Mailchimp revealed a data breach that resulted in the compromise of an internal tool yesterday. The motive of the hackers was to gain unauthorized access to customer accounts and stage phishing attacks.

The company became aware of this on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams. Following this unauthorized activity, it acted quickly to terminate access to the breached employee accounts. The siphoned credentials were used to access 319 MailChimp accounts and further export the mailing lists pertaining to 102 accounts.

The Hack Show

The investigations following the incident revealed that the compromise of Mailchimp’s internal tools was just a part of a bigger puzzle.

The acknowledgment by Mailchimp came when cryptocurrency wallet company, Trezor, investigated a potential security incident stemming from an opt-in newsletter. This newsletter was hosted on Mailchimp after the hackers tampered with the stolen data to send rogue mails to the email lists. The foul play by the actors prompted the recipients of list to download a new version of the Trezor Suite desktop application.

This started a sequence of illicit events. The mail directed users to a phishing site that hosted a fake version of the application, designed to steal the seed phrase. The hackers could then gain total control over a user’s cryptocurrency wallet. Trezor has not yet revealed is any of its users’ funds were stolen during the attack.

In the wake of the break-in, the company is recommending its customers to enable two-factor authentication. This would secure their accounts from takeover attacks any such incident in the future.

Too long? Here’s a one-liner: Hackers breach Mailchimp to launch Crypto phishing scams, hackers used Mailchimp’s internal tools to target customers, including hardware cryptocurrency wallet Trezor




Latest news and the greatest brands—curated daily for you. Join other smart professionals today!

Related Posts