Security News > 2022 > April > Hackers breach MailChimp's internal tools to target crypto customers

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
In an email to BleepingComputer, MailChimp has confirmed that the breach was more significant than just Trezor's account being accessed by threat actors.
"On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration," MailChimp CISO, Siobhan Smyth, told BleepingComputer.
Application Programming Interface keys are access tokens that allow MailChimp customers to manage their accounts and perform marketing campaigns directly from their own websites or platforms.
The Okta breach was accomplished through a similar method as MailChimp, by social-engineering a contractor who had access to internal customer support and account management systems.
BleepingComputer has sent MailChimp and Trezor further questions about the breach but has not heard back.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- zkLend loses $9.5M in crypto heist, asks hacker to return 90% (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Hackers pose as employers to steal crypto, login credentials (source)
- North Korean hackers linked to $1.5 billion ByBit crypto heist (source)
- Orange Group confirms breach after hacker leaks company documents (source)
- FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)