Email marketing company, Mailchimp, has disclosed that it was targeted by hackers who gained access to and exported information from Mailchimp accounts.
The incident was first raised to the Mailchimp security team on 26 March and the company disclosed the attack publicly on 4 April.
“The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” the company said.
Mailchimp said that as part of the same incident the bad actor attempted to send a phishing campaign to a user’s contacts from the user’s account with information they obtained during the March 26 attack.
Mailchimp said: “319 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts. Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance.”
Targeting Bitcoin
Trezor, a bitcoin hardware wallet, confirmed it was affected by the Mailchimp incident and said it was carrying out an investigation on how customers may have been affected following an insider compromise of a newsletter database hosted on Mailchimp.
On 3 April Trezor users reported being targeted by a malicious phishing attack. The phishing email sent a message about Trezor experiencing a “security incident” involving a data breach. It then encouraged victims to download a Trezor Suite lookalike app, that asked Treor users to connect their Bitcoin wallets and enter their seed phrases.
Trezor said: “For this attack to be successful, users had to install the malicious software on their devices, at which point their operating system should identify that the software comes from an unknown source. This warning should not be ignored, all official software is digitally signed by SatoshiLabs.”
The company also said the only reason for customers to worry about their Bitcoin funds is if they entered their seed into the malicious app.
Protecting yourself against phishing attacks
Socially engineered attacks, like phishing attacks, see threat actors attempt to impersonate a trusted source in order to manipulate the victim into further action.
The multinational technology conglomerate, Cisco, says that social engineering attacks have grown increasingly sophisticated.
“Not only do fake websites or emails look realistic enough to fool victims into revealing data that can be used for identity theft, social engineering has also become one of the most common ways for attackers to breach an organization's initial defenses in order to cause further disruption and harm,” Cisco says.
There are a number of useful procedures that can be put in place in order to protect both individuals and organizations against these attacks:
- Multi-factor authentication
- Email security with anti-phishing defenses
- Strong password management
- Employee training to identify and avoid such attacks
Trezor noted that the leak of email addresses is most harmful as the victims are now likely to receive an increased number of phishing attempts.