Cyber criminals have hacked email marketing platform Mailchimp. The hackers targeted user data to carry out phishing attacks on crypto wallets.
In total, the hackers stole data from 102 Mailchimp customers, the email marketing platform stated in an email to tech site Bleeping Computer. This gained them access to the accounts of 300 customers. For the breach, the hackers used an internal tool of the email marketing platform. This tool allows customer service and account management agents to gain greater insight into customer accounts.
Phishing attempt on Trezor crypto wallet
Using one of the stolen email lists, the hackers then sent a fake data breach notification to end users of the Trezor crypto wallet. In the email, recipients were asked to download a new – in this case manipulated – version of the Trezor Suite desktop application. To do so, they were directed to a phishing site. The aim of the fake application was ultimately to extract the seed phrase from the end users, so that the hackers could take total control of the victim's crypto wallet. Whether Trezor customers were actually affected by the hack is unknown.
Apologies from Mailchimp
Mailchimp discovered the hack after it detected suspicious access to the tool from some employee accounts. Although these accounts were immediately blocked, the hackers were still able to access customer data. Mailchimp has since notified customers and apologized.