MailChimp breach exposes hundreds of customer accounts

(Image credit: Mailchimp)

One of the biggest marketing automation platforms and email marketing services, MailChimp, was breached over the weekend, with attackers getting away with more than a hundred mailing lists.

The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.

As reported by BleepingComputer, MailChimp announced the breach on Sunday. Apparently, a number of employees fell for a social engineering attack, and had their credentials stolen.

Targeting Trezor users

The stolen accounts were quickly terminated, and MailChimp took additional steps to prevent other employees from being affected, the company said. But the damage had already been done.

With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported “audience data”, including mailing lists from 102 customer accounts.

They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor. Soon after the breach, Trezor customers started getting an email that stated that the company had suffered a data breach, and invited users to download a program to help them reset the PINs on their hardware wallets.

The program disguised a malware strain that allowed attackers to steal the contents of the wallet.

> What is phishing and how dangerous is it?

> Hackers have found a clever new way to steal your Microsoft 365 credentials

> Google update looks to help you spot Workspace phishing scams

Siobhan Smyth, Mailchimp’s CISO, told BleepingComputer that the company notified all of the compromised account holders, which included those in the cryptocurrency and finance sectors.

She reiterated the importance of having multi-factor authentication as an added layer of protection against attacks.

"We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” Smyth said.

The internet is a dangerous place, and great antivirus software is still a must

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.