This week, MailChimp (a prominent email marketing firm) disclosed that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Twitter was full of reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company had suffered a data breach.
These emails prompted some of Trezor's customers to reset their hardware wallet PINs by downloading malicious software that allowed the attackers to steal the stored cryptocurrency.
According to MailChimp, some of their employees fell victim to a social engineering attack that led to the theft of their credentials. Then, these stolen credentials were used to access 319 MailChimp accounts, allowing the threat actors to export audience data, likely mailing lists, from 102 customer accounts.
In addition to viewing accounts and exporting data, the threat actors also gained access to API keys for an undisclosed number of customers. These Application Programming Interface keys are access tokens that allow MailChimp customers to manage their accounts and perform marketing campaigns directly from their own websites or platforms. The threat actors were able to use these keys to create custom phishing emails and send them to mailing lists without having to access MailChimp’s customer portal.
Mitigation of this threat:
MailChimp says that it has terminated access to the compromised employee accounts. In addition, the API keys have been disabled and can no longer be used. While the email marketing firm works on bolstering its security measures, MailChimp recommends that all customers enable two-factor authentication (2FA) on their accounts for further protection.
Now is the time to take the necessary steps to help ensure that your company won’t become a victim. Learn more about implementing ThreatAdvice Educate, our employee cybersecurity training solution.