MailChimp, a popular email marketing and automation platform, was recently hit by a cyberattack in which the threat actors infiltrated its internal customer support and account management system to run phishing operations aimed at cryptocurrency customers.
The news first broke through Trezor, a cryptocurrency hardware wallet firm and MailChimp subscriber, which shared on Twitter that the email marketing firm had been compromised and that the hackers had targeted crypto companies.
The hackers sent phishing emails to Trezor’s clients via the MailChimp email listing service, prompting them to reset their hardware wallet PINs through fake software that, once installed, would inject malware that steals cryptocurrency assets.
MailChimp confirmed that the incident caused far more damage than the Trezor phishing alone: some of its employees had fallen victim to a social engineering attack that stole their credentials.
According to a statement from the email marketing firm’s CISO, the company became aware on March 26 that its internal customer support and account administration tools had been accessed without authorisation. It added that it quickly contained the issue by blocking the compromised employee accounts and applied measures to keep other employees from being affected.
The stolen employee credentials were used to access 319 MailChimp accounts and export sensitive audience data, such as mailing lists, from over a hundred customer accounts. The hackers also accessed the API keys of other customers; those keys have since been disabled and are no longer usable.
The API keys are access tokens that the email marketing firm issues so its customers can manage their accounts and launch marketing campaigns directly from their own platforms. With the API keys in hand, the hackers were able to build custom phishing campaigns against Trezor’s customers without ever needing to log in to MailChimp’s customer portal.
All compromised account holders have been notified of the incident and advised to enable two-factor authentication to better protect their accounts.