MailChimp Breach Exposes Hundreds of Customer Accounts

Hackers gained access to over a hundred mailing lists after hacking MailChimp, one of the most prominent marketing automation platforms and email marketing services.

The mailing lists were then used to launch phishing attacks aimed at stealing victims' money and cryptocurrency holdings.

MailChimp announced the incident on Sunday, according to BleepingComputer. A handful of employees reportedly fell victim to a social engineering attack, and their credentials were stolen.

What is Mailchimp?

Mailchimp is a well-known email marketing service. Its primary goal is to send out newsletters and automated emails, which can help your business succeed. Email marketing allows you to communicate with your customers, engage them in conversation, and establish meaningful, long-term relationships. Mailchimp is an email service provider (ESP) for businesses that focuses on email and online marketing. It started its business in 2001 and has grown to become one of the most popular email newsletter providers.


Picture: Mailchimp

Email marketing is a very powerful instrument. Mailchimp allows you to send newsletters and automated emails. You can either use a form to create an email list or import your current contacts. Mailchimp offers pre-designed email templates as well as a drag-and-drop email builder, and the software has email metrics built in. With all this in mind, Mailchimp is an appealing platform for organizations and is helpful for anyone looking to get started with email marketing.

Who Uses Mailchimp?

Mailchimp is one of the most used email marketing platforms, so it's no surprise that it's utilized in various industries and by companies of all kinds. They've mastered the art of "everyone's email marketing." Over 20 million people use Mailchimp. That includes some of the world's most well-known companies, as well as organizations like universities, charities, small businesses, and local clubs.

But Mailchimp isn't business software, and many people will discover that the functionality only goes so far as automation. As a result, small and medium-sized organizations use it.

Targeting Trezor Users

The stolen accounts were canceled, and MailChimp took further precautions. According to the business, this action is to ensure that no other employees can be affected.

Using the stolen credentials, the attackers logged into 319 MailChimp accounts and exported "audience data," which includes mailing lists from 102 client accounts.

They also obtained API keys from an unknown number of clients (which are now defunct). The attackers don't have access to the MailChimp customer portal, but with the keys they could develop custom email campaigns and deliver them to mailing lists.


Picture: Trezor

Trezor, a hardware crypto wallet firm, was one of the companies whose clients were targeted in a phishing attempt. Shortly after the attack, Trezor clients began receiving emails informing them that the company had experienced a data breach and inviting them to download an application to assist them in resetting the PINs on their hardware wallets.

The program hid a virus strain that allowed attackers to steal the contents of the wallet.

Mailchimp's CISO, Siobhan Smyth, told BleepingComputer that the business alerted all affected account users, including those in the cryptocurrency and financial industries.

She emphasized the significance of multi-factor authentication as an extra layer of security against attackers.

The company apologized to its users for this occurrence and said it understands the inconvenience and confusion it has caused them and their customers. It is proud of its security culture, infrastructure, and the faith placed in it to keep customers' data safe. Smyth stated, "We are confident in the security protections and robust protocols" the company has to protect its users' data and avoid future incidents.

Paul Syverson
Paul Syverson is the founder of Product Reviews. Paul is a computer scientist; he used to carry out a handful of significant studies which contributed to bringing in many special features on the site. He has a huge passion for computers and other tech products. He is always diligent in delivering quality writings to bring the most value to people.