On Monday, email marketing service Mailchimp disclosed a data breach in which attackers compromised an internal tool, used it to access customer accounts, and staged cryptocurrency phishing attacks.
On March 26, the company became aware of the incident when it noticed a malicious actor accessing the customer support tool.
“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in compromised employee credentials,” Siobhan Smyth, Mailchimp’s chief information security officer, said.
Bleeping Computer first reported the development.
Mailchimp acted quickly to terminate access to the breached employee account. However, the stolen credentials had already been used to access 319 Mailchimp accounts and to export the mailing lists associated with 102 of them.
The unidentified threat actor is also believed to have obtained API keys for several customers. According to the company, those keys have since been disabled, preventing the attackers from abusing them to mount email-based phishing campaigns.
The breach came to light through a fraudulent email, purportedly from cryptocurrency wallet company Trezor, that carried a link to download an updated version of the Trezor Suite. The "update" was hosted on a phishing site. Unsuspecting recipients were prompted to connect their wallets and enter their seed phrase into the lookalike application, allowing the threat actors to transfer the funds to a wallet under their control.
“This attack is exceptional in its sophistication and was clearly planned to a high level of detail,” Trezor explained. “The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.”
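The campaign described above hinges on two observable signals: an email that claims to be from a brand but links to a domain the brand does not own, and a request to enter a seed or recovery phrase. The following Python script, added here as an illustrative example and not code from Mailchimp or Trezor, applies those two checks to raw messages exported from a mailbox. The brand allowlist, the seed-phrase keyword list and both sample messages (including the `trezor-update.example` and `suite-trezor.example` hosts) are constructed for this example.

```python
"""Flag brand-impersonation phishing emails of the kind used in the fake Trezor Suite campaign.

Heuristic (constructed for this example):
  * the message names a brand, but contains links whose host is outside that brand's known domains
  * the message asks the reader to enter a seed / recovery phrase
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of legitimate domains per brand (example values, maintain from your own inventory).
BRAND_DOMAINS = {"trezor": {"trezor.io"}}

# Phrases a legitimate wallet vendor never asks you to type into a web page or emailed download.
SEED_PHRASE_TERMS = ("seed phrase", "recovery phrase", "recovery seed", "12 words", "24 words")


class _LinkExtractor(HTMLParser):
    """Collect every href from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def _host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one (suite.trezor.io matches trezor.io)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def analyze_message(raw: str, brand: str) -> dict:
    """Score a raw RFC 5322 message for impersonation of `brand`."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = msg.get("From", "")
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""

    extractor = _LinkExtractor()
    extractor.feed(body)
    domains = BRAND_DOMAINS[brand]
    # Links that resolve to a host outside the brand's own domains.
    off_brand = []
    for url in extractor.links:
        host = urlparse(url).hostname
        if host and not _host_matches(host, domains):
            off_brand.append(url)

    mentions_brand = brand in (from_addr + " " + body).lower()
    asks_seed = any(term in body.lower() for term in SEED_PHRASE_TERMS)

    score = 0
    if mentions_brand and off_brand:
        score += 2  # brand impersonation with a redirect to a foreign host
    if asks_seed:
        score += 2  # credential / seed harvesting request
    return {
        "from": from_addr,
        "off_brand_links": off_brand,
        "asks_seed_phrase": asks_seed,
        "score": score,
        "suspicious": score >= 2,
    }


# Constructed sample: a lookalike "update" email pointing at a non-Trezor host.
PHISHING_SAMPLE = """\
From: Trezor <no-reply@trezor-update.example>
To: user@example.com
Subject: Security update: install the latest Trezor Suite
Content-Type: text/html; charset=utf-8

<html><body>
<p>A critical update to Trezor Suite is available.</p>
<p><a href="https://suite-trezor.example/download">Download the update</a></p>
<p>After installing, connect your wallet and enter your recovery seed to re-verify it.</p>
</body></html>
"""

# Constructed sample: a benign newsletter linking only to the brand's own domain.
LEGIT_SAMPLE = """\
From: Trezor <newsletter@trezor.io>
To: user@example.com
Subject: What's new in Trezor Suite
Content-Type: text/html; charset=utf-8

<html><body>
<p>Read the release notes at <a href="https://suite.trezor.io/">suite.trezor.io</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, analyze_message(sample, "trezor"))
```

The seed-phrase check will also fire on a genuine vendor warning such as "never enter your recovery seed on a website", so in practice the script is a triage filter that surfaces messages for review rather than an automatic block; the off-brand-link signal is the stronger of the two, because a message pushing a download from a host the vendor does not control is exactly what the Trezor campaign looked like.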
In the wake of the attack, the company also recommends that customers enable two-factor authentication to protect their accounts, and it warned users not to open any emails appearing to come from the company until further notice.
The American company has not yet clarified whether an "insider carried out the attack." It is also unclear how many other cryptocurrency platforms and financial institutions the incident affects.
Decentraland, a browser-based 3D virtual world platform, is the second confirmed casualty of the breach. On Monday, it disclosed that its "newsletter subscribers' email addresses were leaked in a Mailchimp data breach."