Details of the Mailchimp Hack
In a statement to multiple outlets, Mailchimp CISO Siobhan Smyth said the company discovered the intrusion on March 26. Mailchimp found a malicious actor accessing a company tool that its customer support and account administration teams ordinarily use. According to TechCrunch’s reporting, the hackers gained access through a social engineering attack. After the discovery, Mailchimp said it quickly disabled access to the compromised accounts. It also took additional measures to safeguard other employee accounts. However, in the interim, the hackers managed to view approximately 300 Mailchimp accounts. They also successfully exfiltrated audience data from 102 of these accounts. Furthermore, the hackers gained access to customer API keys, allowing them to send imitation emails to unsuspecting customers. The keys have now been disabled and are unusable.
Trezor Wallet Customers Face Targeted Phishing Emails
As mentioned earlier, the incident came to public attention even before Mailchimp’s confirmation. Cryptocurrency wallet maker Trezor tweeted that its users received phishing emails directing them to install a malicious Trezor Suite lookalike. Trezor, which uses Mailchimp to send newsletters, claimed that these emails were a result of the breach. In a blog post, Trezor added, “this attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.” Trezor also said that for the attack to succeed, users would have to install the malicious software onto their devices. If they did so, their operating system should detect that it comes from an unknown source. Trezor asked its users not to ignore this warning, pointing out that all of its official software comes with its parent company’s digital signature.
Mailchimp CISO Issues Apology to Affected Customers
Mailchimp also confirmed that its customers in the cryptocurrency and financial services sector were targets of the attack. However, it did not disclose how many customers were impacted. “We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” Smyth added.