Mailchimp, an email marketing firm, announced a data breach on Monday. The hackers used internal Mailchimp tools to target the customers of a total of 102 Mailchimp users, including Trezor, a hardware cryptocurrency wallet.
Trezor users got emails alleging that their accounts had been compromised as a result of a data breach. The email contained a link to an updated Trezor Suite version, as well as some instructions on how to set up a new PIN. The link actually led to a phishing site designed to steal the contents of their digital wallets.
“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” “Based on our investigation, we believe that about 300 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts,” Smyth said.
Trezor crypto wallet users began reporting on Twitter that they had received strange emails about a security breach at the company. Trezor is a piece of hardware that allows users to store their cryptocurrency offline.
The phishing campaign’s targets received an email informing them that Trezor had experienced a “security problem” and that they should download an updated version of the Trezor Suite software. After clicking the link and downloading the lookalike software, the user would be prompted to “connect your wallet and enter your seed.”
Despite Mailchimp’s claims that it responded immediately to deny access to the hacked employee account, the hackers accessed 319 Mailchimp accounts and exported the email list data for 102 of them.
Following the break-in, the company is advising consumers to enable two-factor authentication to protect their accounts from unauthorised access.
Users of Trezor devices are requested to report any new phishing efforts to security@trezor.io.