Mailchimp Says an Internal Tool Was Used To Breach Hundreds of Accounts

Email marketing giant Mailchimp has admitted a data breach in which malicious hackers accessed an internal corporate tool and used it to gain access to client accounts. Mailchimp CISO Siobhan Smyth told TechCrunch that the business discovered the attack on March 26 after a hostile actor gained access to a tool used by the company’s customer service and account management teams. The access was obtained through an effective social engineering assault, a type of attack that exploits human error and employs manipulation tactics to obtain private information, access, or assets.

“We responded quickly to the incident by suspending access to the hacked employee accounts and taking efforts to ensure that no other workers were affected,” Smyth added. The response was not soon enough, however: according to the business, hackers examined around 300 Mailchimp accounts and successfully transferred audience data from 102 of them. Mailchimp wouldn’t reveal what data was stolen, but told TechCrunch that the hackers were after consumers in the bitcoin and financial industries.

In addition to viewing accounts and exporting data, the threat actors obtained API credentials for an unknown number of customers, which could have allowed them to send faked emails; those credentials have now been blocked and are no longer usable. However, according to Smyth, Mailchimp has received complaints of hackers using information stolen from user accounts to launch phishing attacks against those users’ contacts.

“We quickly alert the account owner and take steps to suspend any additional access when we become aware of any illegal account access,” Smyth told TechCrunch. “As an extra safeguard to keep accounts and passwords secure, we also advocate two-factor authentication and other account security procedures for our customers.” Smyth declined to comment on whether Mailchimp is taking any new security precautions to avoid future attacks.

The situation was initially reported by Bleeping Computer over the weekend, when Trezor, a cryptocurrency wallet company, confirmed on Twitter that its users had received phishing emails as a result of a hack at Mailchimp, which Trezor uses to distribute newsletters to clients. Users of Trezor hardware wallets were prompted to reset their PINs by downloading malicious software, which, if installed, may have allowed hackers to steal customers’ cryptocurrency. Mailchimp did not say how many other bitcoin businesses or banking organizations were affected by the issue.