Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Email Service Provider MailChimp Breached, Hackers Target Cryptocurrency Customers

April 5, 2022

Bleeping Computer’s Lawrence Abrams reports that the email marketing firm MailChimp disclosed that hackers had hit its systems and gained access to customer support and account management tools. Abrams writes “Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company had suffered a data breach.”

The emails received by the Trezor customers were phishing emails sent by the MailChimp hackers. The email prompted Trezor customers to reset their hardware wallet PINs, a process that downloaded malicious software which allowed the stored cryptocurrency to be stolen.

MailChimp reported to BleepingComputer that the breach was more significant than just the Trezor account breach. Abrams writes “[according] to MailChimp, some of their employees fell for a social engineering attack that led to the theft of their credentials.”

The credentials harvested through the social engineering attack were used to access over 300 MailChimp accounts and to export data, most likely customer mailing lists, from 102 customer accounts. The attackers also gained access to Application Programming Interface (API) keys, which are access tokens that allow MailChimp customers to manage their accounts or marketing campaigns from their own websites or platforms. The affected API access has since been disabled to prevent those features from being used for further compromise.

MailChimp reports that it has notified all customers of the breach and that the hackers specifically accessed customers within the cryptocurrency and finance sectors.

This attack is a reminder to companies and individuals alike that security awareness training for employees is a necessity and that everyone should be alert to the emails they receive. This whole incident would likely have been avoided had the individuals at MailChimp recognized that they were falling for a social engineering attack.

It’s also important to note that you should always verify, in person, any request for account credentials with the individual making it. Ask yourself why that person needs your credentials. Then find that person in the office and ask them whether they actually need those credentials.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology