Threat actors managed to get access to internal customer support and account management systems at MailChimp, the email marketing company reported on Sunday. The hackers’ goal was to perform audience data theft and lead phishing cyberattacks.
MailChimp Data Breach: What Happened
Owners of Trezor hardware cryptocurrency wallets who got phishing messages suggesting the business had suffered a data breach were all over Twitter on Sunday morning.
Trezor clients were invited through these phishing notifications to reset their hardware wallet PINs by downloading malicious software, that permitted hackers to steal stored cryptocurrency.
Trezor later revealed that the phishing assault was carried out by hackers targeting the crypto industry, who had hacked MailChimp.
Here is what that false MailChimp data breach notification looked like:
What MailChimp Said
As MailChimp further tells, several of their employees were victims of a social engineering attack, which resulted in their credentials being stolen.
On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support