Hackers used MailChimp internal tool to conduct phishing attacks

 


Email marketing firm MailChimp has confirmed that hackers compromised its internal customer support and account management tools to break into hundreds of MailChimp accounts and conduct phishing attacks.

The incident came to light on Sunday when multiple owners of Trezor hardware cryptocurrency wallets reported fake data breach notifications sent via Trezor newsletters powered by MailChimp. Trezor later announced that MailChimp had been compromised by malicious actors targeting the cryptocurrency sector.

MailChimp CISO Siobhan Smyth has confirmed the breach and said that some of the company’s employees were tricked by a social engineering attack that sought to steal credentials.

“On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration,” Smyth said. “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised. We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected.”

The attackers used the stolen credentials to access 319 MailChimp accounts and to export “audience data,” likely mailing lists, from 102 customer accounts. The threat actors also gained access to API keys for a number of accounts and used them to launch phishing attacks.

The company has advised all its customers to enable two-factor authentication on their accounts for an additional layer of protection.
