Hackers used Mailchimp’s internal tools to target the customers of a total of 102 Mailchimp users, including hardware cryptocurrency wallet Trezor, The Verge reported. Over the weekend, Trezor users received emails claiming that their accounts had been compromised in a data breach. The email included a purported link to an updated version of Trezor Suite, along with instructions to set up a new PIN, though in actuality it was a phishing site meant to capture the contents of their digital wallets.
In a tweet on Sunday, Trezor confirmed that the emails were part of a sophisticated phishing campaign by a malicious actor that targeted Mailchimp’s newsletter database. “The Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration,” Trezor wrote in a blog post. “The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees.”
In other words, the hackers managed to trick employees on Mailchimp’s customer support team into handing over their log-in credentials, then used the company’s own internal tools to send the emails. The Trezor attack specifically was planned to a “high level of detail,” according to the company’s blog post. Still, for the attack to succeed, Trezor users had to download the fake app and submit their wallet credentials. It’s unlikely many made it that far, as Trezor points out in its post, considering that most operating systems would have notified the user that they were downloading software from an unknown source.
Mailchimp first became aware of the breach on March 26th, according to a statement given to The Verge by its chief information officer, Siobhan Smith. The hackers were able to obtain audience data from 102 different Mailchimp clients, meaning that Trezor is far from the only company likely impacted. Decentraland, the in-browser metaverse platform, confirmed on Twitter that its newsletter was among those caught up in the hack.
Attention: Our newsletter subscribers’ email addresses were leaked in a Mailchimp data breach.
Please stay alert as the malicious actors may use your email address to try and message you impersonating the Decentraland Foundation.
Learn more details: https://t.co/UujMMZ1HXt
— Decentraland (@decentraland) April 4, 2022
We’ll likely find out what other companies were involved in the Mailchimp hack in the days to follow. The company has already alerted all of its clients who were involved.