Email marketing company Mailchimp announced on Monday that a hacker broke into its internal tools and gained access to 319 Mailchimp accounts belonging to companies in the cryptocurrency and finance industries.
Of these 319 accounts viewed, the hacker exported audience data from 102.
Siobhan Smyth, chief information security officer at Mailchimp, told The Record in a statement that on March 26, their security team “became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration”.
“The incident was propagated by an external actor who successfully carried out a social engineering attack against Mailchimp employees, which compromised employee credentials. We acted quickly to remedy the situation by terminating access to compromised employee accounts and have taken steps to prevent other employees from being affected,” Smyth said, noting that they had engaged an “external forensic attorney” to review the breach.
“Our findings show that this was a targeted incident focused on users in the cryptocurrency and finance-related industries, all of whom were notified. We also determined that the API keys for some accounts exhibited a potential vulnerability. Out of an abundance of caution, we have disabled these API keys, implemented safeguards so they cannot be re-enabled, and notified affected users.”
Smyth added that they have received reports that the malicious actor is using information they have obtained from user accounts to send phishing campaigns to their contacts.
On Sunday morning, popular cryptocurrency hardware wallet company Trezor took to Twitter to say that some of its services had been compromised through the Mailchimp incident.
“Mailchimp has confirmed that its service has been compromised by an insider targeting crypto companies. We have successfully taken the phishing domain offline. We are trying to determine how many email addresses have been affected,” the company said.
“We will not be communicating via newsletter until the situation is resolved. Do not open any emails that appear to be from Trezor until further notice. Please ensure that you are using anonymous email addresses for Trezor-related activities.”
Trezor disabled several of its domains following the hack. The company did not respond to requests for comment regarding its claim that the attack was the work of an “insider” rather than someone who stole a Mailchimp employee’s credentials.
It remains unclear how many other cryptocurrency services or financial institutions were affected by the incident.
Smyth said that since the attack, they have notified account owners and, whenever they became aware of unauthorized access to an account, immediately taken action to suspend further access.
The company urged customers to use two-factor authentication and other account security measures “as additional measures to keep accounts and passwords secure.”
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We are confident in the robust security measures and processes we have in place to protect our users’ data and prevent future incidents,” Smyth said.