Mailchimp Hacked to Phish Bitcoin Wallets

Hackers compromised an internal marketing tool to obtain access to client data, according to email marketing provider Mailchimp. Users of a bitcoin wallet company were targeted using the compromised data.

Mailchimp discovered the attack on Saturday, March 26th, when it found unauthorised access to a tool used by its customer care and account management teams. Mailchimp confirmed the breach to the press on Monday; however, users of the Trezor hardware bitcoin wallet had already been targeted by complex phishing emails over the weekend.

The attackers used a social engineering attack to take advantage of human weaknesses in the security system and get access to employee accounts. Despite Mailchimp’s best efforts, the hackers were able to access about 300 Mailchimp user accounts and steal data from 102 of them.

Siobhan Smyth, CISO of Mailchimp, said:

“We quickly responded to the incident by stopping access to the hacked employee accounts and taking steps to ensure that no other workers were compromised. We also recommend our customers adopt two-factor authentication and other personal security checks to keep their accounts and passwords safe.”

Mailchimp has refused to reveal what data was accessed, even though the attackers were targeting bitcoin wallets. Users of the Trezor hardware bitcoin wallet received phishing emails as a result of this attack. The hack of Mailchimp’s internal tools was only one piece of the puzzle, though. One of the hacked email lists was used to send a fake data breach warning to Trezor clients, pushing them to download an updated version of the Trezor Suite desktop programme.

[Image: Fake notice of a Trezor security breach, the phishing email that resulted from the Mailchimp hack]

The hackers also gained access to API keys for an unspecified number of clients, which have since been removed and are no longer usable. API keys are access tokens that allow Mailchimp clients to manage their accounts and run marketing campaigns directly from their own websites or platforms. Mailchimp has received reports of hackers using information taken from user accounts to execute phishing attacks against their contacts.

According to Mailchimp, the attackers focused on stealing user data in the cryptocurrency and financial industries. Sadly, Trezor users, as well as customers of every other firm whose data was hacked, were affected.

At this time, it is unclear whether the attack was conducted by an “insider”. It’s also unknown how many other crypto platforms and financial firms have been affected by this attack. According to Mailchimp, users of all other hacked accounts have been alerted, but further notifications from impacted companies are expected to appear soon.

The Mailchimp attack is similar to the Lapsus$ hacker group’s recent data breaches. This group hacked into a number of well-known firms, including Nvidia, Samsung, Microsoft, and Okta, using social engineering, ransomware, and credential theft. The Okta attack was conducted in the same way as the Mailchimp breach: a contractor who had access to internal customer support and account management systems was targeted using a social engineering attack.

The browser-based metaverse service has officially warned its users to be aware of phishing emails. To improve the security of an online account, security agencies and financial institutions must implement additional security measures such as two-factor authentication and one-time passwords.
