Pierluigi Paganini
April 05, 2022
During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.
@Trezor WARNING: Elaborate Phishing attack.
— Life in Defi (@lifeindefi) April 3, 2022
This morning I received this message to BOTH my email addresses. On the surface it looks like a genuine message but I noticed it came from https://t.co/6T8nY84R6A and as such deleted it immediately. You may want to warn everyone. pic.twitter.com/BQSB2uV1JW
The fake data breach notification emails urged Trezort customers to reset the PIN of their hardware wallets by downloading malicious software that could have allowed attackers to steal the funds in the wallets.
Later Trazor reported that MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. Trazor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
— Trezor (@Trezor) April 3, 2022
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
A statement shared by Mailchimp CISO Siobhan Smyth with TechCrunch revealed that the company discovered the security breach on March 26. A threat actor gained access to a tool used by the company’s customer support and account administration teams. The company was the victim of a social engineering attack aimed at its employees.
The attack resulted in the compromise of employee credentials.
“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” Smyth said. ““When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access,” Smyth added. “We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”
BleepingComputer states that threat actors compromised 319 MailChimp accounts and managed to export “audience data,” from 102 customer accounts.
The attackers also gained access to API keys for an undisclosed number of customers, then the company has disabled them.
Once obtained the API keys, threat actors would have conducted phishing campaigns without accessing MailChimp’s customer portal.
At this time company has already notified impacted customers, which are in the cryptocurrency and finance sectors.
Please vote Security Affairs as best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and other of your choice.
To nominate, please visit: https://forms.gle/4D4PygUVcNxFQ6iFA
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, MailChimp)
[adrotate banner=”5″]
[adrotate banner=”13″]
