Mailchimp, one of the leading email marketing companies, announced that it was the target of an unauthorized security breach on January 12, 2023. It said that hackers had used an internal tool to access several customer accounts. In addition, Mailchimp stated that an attacker had also gained access to an internal customer support tool. The company claimed that the attack was the result of phishing, but it did not offer any specific details about the types of phishing used to compromise the accounts.
The attackers accessed the accounts of at least 102 users. These accounts were used to generate mailing lists that were then used to launch phishing campaigns. Researchers also accessed user data, billing addresses, shipping addresses, and full names. This information was used to launch the phishing campaign, which targeted cryptocurrency holders.
Digital Ocean
Digital Ocean, which had migrated its email service from Mailchimp, warned its customers of the security breach. While the exact number of customers affected is not known, it said that only a small number of them were targeted. The company also said that the affected users were notified and their accounts were secured.
Crypto industry executives said that they were surprised to hear about the incident. As crypto-related businesses like Mailchimp, Gemini, and Uber use the platform to send transactional emails, it is possible that the attackers were able to extract information such as credit card numbers and other financial information. According to analysts, the security breach is likely part of a larger security event. Some believe that the hackers used a malicious application that allowed them to transfer funds.
Email service providers such as Mailchimp are vulnerable to malware and phishing attacks. It has been observed that the phishing campaign was executed with exceptional sophistication. One of the techniques used was sending fake data breach notification emails from an unauthorized user account. This could have allowed the attacker to manipulate promotional codes, fetch customer information, or launch rogue emails.
In other cases, the attackers gained access to the accounts of trusted users. This is why Mailchimp advises its contacts to be extra vigilant when receiving suspicious emails. Additionally, the company recommends enabling two-factor authentication. When Mailchimp disabled the employee account, the CISO took steps to prevent the unauthorized account from being used again.
Trezor
Another company that was compromised as a result of the Mailchimp security incident was Trezor. A fake desktop application was developed to steal the seed phrase that would allow the attacker to gain complete control over the wallet. By clicking on the link in the email, the customer was prompted to enter their Trezor hardware wallet PIN. That, in turn, led to the download of malicious code. Once the seed phrase was entered, the app directed the user to a phishing website.
In December 2022, Gemini experienced similar incidents. The attackers had access to 5.7 million Gemini customer email addresses. Their phishing kit was responsible for thousands of attacks against 136 high-profile organizations.