Hackers hit email marketing giant Mailchimp, access crypto wallets' data


San Francisco, Apr 5 (IANS): Hackers have stolen data from more than 100 clients of email marketing giant Mailchimp after they broke into its services, using the data to mount phishing attacks on the users of cryptocurrency platforms.

Trezor hardware cryptocurrency wallet, a user of Mailchimp, tweeted that they have been targeted by sophisticated phishing emails.

"MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies," said Trezor.

"We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected," it posted, adding they will not be communicating by newsletter until the situation is resolved.

The Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration.

The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees.

"This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app," said the cryptocurrency wallet.

In a statement to The Verge, Mailchimp CISO Siobhan Smyth said that the company had become aware of the breach on March 26 when it detected unauthorised access of a tool used by the company's customer support and account administration teams.

"The hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them," Smyth said.

"We sincerely apologise to our users for this incident and realise that it brings inconvenience and raises questions for our users and their customers," Smyth added.

 

  

Top Stories


Leave a Comment

Title: Hackers hit email marketing giant Mailchimp, access crypto wallets' data



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.