Photo: Illustration by Alex Castro / The Verge / Published: 5 April 2022
Mailchimp, the veteran e-mail marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its clients — with the data being used to mount phishing attacks on the users of cryptocurrency services.
The breach was confirmed to the press by Mailchimp on Monday, but it had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.
In a statement sent to The Verge, Mailchimp CISO Siobhan Smyth said that the company had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams. Although Mailchimp deactivated the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience information from 102 of them, Smyth said.
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”
However, details of the hack show that the compromise of Mailchimp’s internal tools was just one piece in a bigger puzzle. As Bleeping Computer reports, one of the stolen e-mail lists was used to send a fake data breach notification to Trezor customers, prompting them to download a new version of the Trezor Suite desktop application. In fact, the e-mail directed users to a phishing site that hosted a fake version of the application, designed to steal the seed phrase that would allow hackers to gain full control over a user’s cryptocurrency wallet. It’s currently unclear whether any Trezor users had funds stolen by the attack.
In a blog post published Monday, Trezor said that the attack was “exceptional in its sophistication and … clearly planned to a high level of detail,” with the cloned version of the Trezor Suite app presenting realistic functionality to anyone who installed it. SatoshiLabs, the makers of the Trezor wallet, have not yet responded to further questions sent by The Verge.
So far, Mailchimp’s analysis has concluded that the attackers focused on obtaining data from users in the cryptocurrency and finance sectors. Unfortunately for Trezor users — and for customers of every other organization whose data was compromised — it’s safe to say that a skilled threat actor now has knowledge of the users’ e-mail contact details and potentially the type of crypto hardware and software they are using.
Users of Trezor devices have been advised to report any new phishing attempts directly to firstname.lastname@example.org. Mailchimp has stated that the owners of all other compromised accounts have been informed, so more notifications from affected entities will likely appear shortly.