December 30, 2024

MailChimp breach exposes hundreds of customer accounts

0

One of the biggest marketing automation platforms and email marketing services, MailChimp, was breached over the weekend, with attackers getting away with more than a hundred mailing lists.

The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.

As reported by BleepingComputer, MailChimp announced the breach on Sunday. Apparently, a number of employees fell for a social engineering attack, and had their credentials stolen.

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window

Targeting Trezor users

The stolen accounts were quickly terminated, and MailChimp took additional steps to prevent other employees from being affected, the company said. But the damage had already been done.

With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported “audience data”, including mailing lists from 102 customer accounts.

They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor. Soon after the breach, Trezor customers started getting an email that stated that the company had suffered a data breach, and invited users to download a program to help them reset the PINs on their hardware wallets.

The program disguised a malware strain that allowed attackers to steal the contents of the wallet.

Siobhan Smyth, Mailchimp’s CISO, told BleepingComputer that the company notified all of the compromised account holders, which included those in the cryptocurrency and finance sectors.

She reiterated the importance of having multi-factor authentication as an added layer of protection against attacks.

“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” Smyth said.

The internet is a dangerous place, and great antivirus software is still a must

Via BleepingComputer