Email marketing company Mailchimp confirmed this morning that a malicious hacking group managed to compromise its systems to access customer accounts and extract potentially sensitive information.
Siobhan Smyth, director of information security at Mailchimp, said its security teams detected malicious activity on its systems on March 26, when they discovered that a tool employed by its customer support systems was being used by hackers.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
“We acted quickly to address the situation, canceling access to compromised accounts and taking steps to prevent other employees from being affected,” Smyth said.
Although the company claims that the incident was adequately addressed, it was confirmed that the hackers had access to about 300 Mailchimp accounts, extracting dozens of records. Mailchimp did not provide further details about the compromised information, but it was unofficially mentioned that this data belongs to cryptocurrency and financial analysis firms.
In addition to viewing accounts and exporting data, threat actors gained access to API keys for an undisclosed number of customers, which would allow them to send spoofed emails; those keys have already been disabled. Smyth said Mailchimp received some reports of hackers using the information they obtained from users’ accounts to send phishing campaigns to thousands of users.
Reports about this incident began circulating this weekend, after cryptocurrency wallet maker Trezor confirmed that its users had received emails as a result of the attack on Mailchimp.
In these malicious messages, the hackers urged Trezor users to reset their hardware wallet PINs by downloading malicious software that, had it been installed, could have allowed hackers to steal millions of dollars in cryptocurrency.