Hackers stole data from more than 100 clients of email marketing firm Mailchimp after breaking into the services and used the data to launch phishing attacks against users of cryptocurrency platform.
Trezor, a cryptocurrency hardware wallet that uses Mailchimp, recently tweeted that they had been targeted by sophisticated phishing emails.
Trezor said “MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies,”
“We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected,” it posted, adding they will not be communicating by newsletter until the situation is resolved.
The Mailchimp security team revealed that a malicious actor gained access to an internal tool used by client-facing teams for customer support and account administration.
The malicious actor gained access to this tool due to a successful social engineering attack on Mailchimp employees.
The cryptocurrency wallet firm said “This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app,”
Mailchimp CISO Siobhan Smyth said in a statement to The Verge that the firm discovered the breach on March 26 after it detected unauthorised access of a tool used by the company’s customer support and account administration teams.
Smyth said “The hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them,”
He added “We sincerely apologise to our users for this incident and realise that it brings inconvenience and raises questions for our users and their customers,”