Security News > 2022 > April > Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
In an email to BleepingComputer, MailChimp has confirmed that the breach was more significant than just Trezor's account being accessed by threat actors.
"On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration," MailChimp CISO, Siobhan Smyth, told BleepingComputer.
Application Programming Interface keys are access tokens that allow MailChimp customers to manage their accounts and perform marketing campaigns directly from their own websites or platforms.
The Okta breach was accomplished through a similar method as MailChimp, by social-engineering a contractor who had access to internal customer support and account management systems.
BleepingComputer has sent MailChimp and Trezor further questions about the breach but has not heard back.
News URL
Related news
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- New fake Ledger data breach emails try to steal crypto wallets (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- North Korean hackers stole $1.3 billion worth of crypto this year (source)
- North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin (source)
- FBI links North Korean hackers to $308 million crypto heist (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Hackers steal ZAGG customers' credit cards in third-party breach (source)