Hackers Gained Access to Mailchimp Tools to Steal Mail Data Crypto Accounts

Criminal hackers were able to gain access to Mailchimp systems after obtaining employee login credentials through social engineering. The criminals were after data from cryptocurrency mailing lists.

mailchimp confirmed to be a victim of an attack after customers of Trezor, a hardware cryptocurrency wallet company, received notifications that the company had a data breach. The fake messages turned out to be a phishing attack in an attempt to get customers to install malware so the criminals could steal cryptocurrencies.

The criminals gained access to Mailchimp’s customer support systems and management tools after obtaining employee login credentials through social engineering. According to Mailchimp, the perpetrators thus managed to penetrate 319 customer accounts, including Trezor, and they succeeded in siphoning mailing data from 102 accounts. They also got their hands on APIs with which they can set up mailing campaigns outside the Mailchimp dashboard.

According to Mailchimp, the attack was emphatically aimed at cryptocurrencies and finance. Company reports Bleeping Computer that it quickly shut down affected employee accounts and disabled the affected APIs. The company discovered the attack on March 26. It is not known whether the break-in led to more phishing attacks.