Mailchimp suffers a breach used to launch phishing scams

The email marketing firm Mailchimp was compromised at the end of March through unauthorized access to its database. The access was part of a carefully planned effort by hackers to launch a phishing campaign, in which mining cryptocurrencies was the key. The intrusion affected not only the systems of the largest email marketing firm; some of its clients also reported different scams sent through emails. Keep reading to learn more about it!


Important details of the Mailchimp breach

Mailchimp is a firm dedicated to the creation, implementation, and management of marketing campaigns through emails, a highly appreciated technique in the digital marketing area. Its client list is very extensive and includes some big names, and that is precisely what makes Mailchimp a very interesting target for cybercriminals.

Through false campaigns that impersonate different companies using the Mailchimp service, the attackers trick people into visiting sites that turn out to be fake, where the victims only give hackers control and power over wallets or personal information.

Apparently, the unauthorized access occurred at the end of March and used an internal tool that allowed the attackers to access customer accounts and profiles and start launching phishing campaigns. Bleeping Computer was the first to report the event, quoting:

“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” said Siobhan Smyth, Mailchimp’s chief information security officer.

Although Mailchimp acted quickly to mitigate this access, the attackers obtained 319 accounts and even the mailing lists of 109 others. For this reason, Mailchimp asked its customers to activate two-factor authentication.

Affected customers

This data breach became relevant when Trezor, a company that offers cryptocurrency wallets, said it was investigating a security incident stemming from a subscription newsletter hosted on Mailchimp. The attackers used this newsletter to trick Trezor’s users by reporting a security flaw. The email invited them to download an updated version of the app, which was nothing more than a phishing site where unsuspecting users connected their wallets and entered their seed phrase, giving attackers control of their assets.

“This attack is exceptional in its sophistication and was clearly planned to a high level of detail,” Trezor explained. “The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.”

Another client confirmed to be affected by this Mailchimp breach was Decentraland, a browser-based 3D virtual world platform, which disclosed that its “newsletter subscribers’ email addresses were leaked in a Mailchimp data breach.”

Attacks on the databases of companies that offer services to others are extremely common. The important thing is how they react and resolve the incident to keep customers’ accounts safe. Clients are now waiting to see what other measures Mailchimp will take and how it will harden its systems.
