Security News > 2022 > April > Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
In an email to BleepingComputer, MailChimp has confirmed that the breach was more significant than just Trezor's account being accessed by threat actors.
"On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration," MailChimp CISO, Siobhan Smyth, told BleepingComputer.
Application Programming Interface keys are access tokens that allow MailChimp customers to manage their accounts and perform marketing campaigns directly from their own websites or platforms.
The Okta breach was accomplished through a similar method as MailChimp, by social-engineering a contractor who had access to internal customer support and account management systems.
BleepingComputer has sent MailChimp and Trezor further questions about the breach but has not heard back.
News URL
Related news
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- HPE investigates breach as hacker claims to steal source code (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers exploiting flaws in SimpleHelp RMM to breach networks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- zkLend loses $9.5M in crypto heist, asks hacker to return 90% (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Hackers pose as employers to steal crypto, login credentials (source)
- North Korean hackers linked to $1.5 billion ByBit crypto heist (source)
- Orange Group confirms breach after hacker leaks company documents (source)