Mailchimp Hit By Data Attack Affecting Cryptocurrency Clients

Mailchimp was hit by a data attack in March that exposed data from cryptocurrency-related accounts. One of the affected customers was the crypto-wallet provider Trezor.

“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor says in a tweet, according to CryptoPotato.  

Trezor adds: “We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice.”

Mailchimp, now part of Intuit, became aware of the exposure on March 26 -- finding that a malicious actor had accessed “one of our internal tools used by customer-facing teams for customer support and account administration,” says Siobhan Smyth, Mailchimp’s CISO. 

Smyth adds that the incident was “propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”  

Mailchimp believes that about 300 accounts “were viewed and audience data was exported from 102 of those accounts.” The targets were “users in industries related to cryptocurrency and finance, all of whom have been notified,” Smyth continues. 

The company has “managed to take the phishing domain offline,” Smyth explains. “We are trying to determine how many email addresses have been affected.” 

The company “acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” Smyth says. 

The firm is working with outside forensic counsel as part of its investigation. It has determined that “some accounts’ API keys posed a potential vulnerability,” Smyth reports. “Out of an abundance of caution, we disabled those API keys, implemented protections so they can’t be re-enabled, and notified affected users.” 

However, as a result of the incident, “we've received reports of the malicious actor using the information they obtained from user accounts to send phishing campaigns to their contacts,” Smyth states.

Apologizing for the incident, Smyth concludes: “We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”

 

 
