MailChimp, the well-known email marketing company, has been hacked. Cybercriminals infiltrated the company’s systems last month, stealing information on more than 100 users. The criminals then reused the stolen data by phishing holders of the physical cryptocurrency wallet, Trezor.
The attack, which MailChimp staff became aware of on March 26, involved “hitting” internal tools used by the company’s customer support staff to manage their accounts.
“Based on our investigation, we believe approximately 300 Mailchimp accounts were compromised and data was stolen from 102 of those accounts,” said a Mailchimp executive.
The hackers used the information to send phishing campaigns via email with the attack designed to identify and steal information from people in the crypto and financial industry.
After the MailChimp hack, users of Trezor Wallet, began reporting on Twitter that they had received strange emails about a security incident at the company. These notifications, as it turned out, were actually phishing emails.
Trezor quickly addressed the situation, explaining in a series of tweets that some user information had been compromised via the MailChimp intrusion and used in the phishing campaign, and published a blog post stating what users should do.