Security News > 2021 > July > Chipotle’s marketing account hacked to send phishing emails
Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links.
The campaign sent out in three days at least 120 malicious emails from a hacked Mailgun account used by Chipotle for email marketing purposes.
Almost all malicious emails impersonated Microsoft with the purpose of collecting login information.
Email security company Inky says in a blog post today that they caught 105 such emails in this three-day campaign.
The emails appeared to come from "Microsoft 365 Message center" and alerted the recipient of emails that could not be delivered "Due to low email storage" in the cloud.
Hacking an email marketing platform for phishing attacks has been described earlier this year as an entry vector used by Nobelium, the state-sponsored threat actor blamed for the Solarwinds supply-chain attack.