Popular email marketing platform Mailchimp has confirmed that hackers breached an internal tool and stole data from more than 100 of its clients. This data was then used to mount phishing attacks on users of the cryptocurrency service Trezor. Mailchimp confirmed the breach to the press on Monday.
A statement by Mailchimp’s representative Siobhan Smyth confirmed that the company detected unauthorized access to a tool used by its customer support and account administration teams. Smyth says that after the company learned about the breach, it deactivated the compromised employee accounts, but the hackers were still able to view around 300 Mailchimp user accounts and access data from 102 of them.
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”
However, details of the hack reveal that the breach of Mailchimp’s internal tools created further problems. According to reports, Trezor customers received fake notifications, sent using one of the stolen email lists, prompting them to download a new version of the Trezor Suite desktop application. The reports also say that users were directed to a phishing site that hosted a fake version of the application. It was designed to steal the seed phrase, which gives hackers total control over unsuspecting users’ cryptocurrency wallets. It’s still unclear if any Trezor users have reported stolen funds from the attack.
In a blog post, Trezor states that the attack was “exceptional in its sophistication and … clearly planned to a high level of detail.” Trezor states that the phishing site presents a cloned version of the Trezor Suite app with similar functionalities. Mailchimp has refused to disclose which other cryptocurrency or finance services were impacted by the breach. However, the owners of all other compromised accounts have been notified.
According to Mailchimp’s analysis of the hack, the focus of the hackers was on obtaining data from cryptocurrency users. Unfortunately for Trezor users — and for customers of any other organization that might have been compromised — it’s safe to say that a hacker somewhere has knowledge of users’ data and potentially the type of crypto hardware and software they make use of. As it stands, anyone subscribed to newsletters from cryptocurrency or finance platforms should be on alert for possible phishing scams. It’s best to avoid clicking links from unverified emails.
Trezor has advised users to report any new phishing attempts directly to email@example.com. While investigations into the extent of the hack are still ongoing, Mailchimp has begun implementing additional security measures on its platform. More updates will be shared with the public soon.