News of the MailChimp breach was first shared on Twitter by Trezor, a hardware cryptocurrency wallet, after they received phishing notifications claiming that Trezor had suffered a data breach and asking users to reset their hardware wallet PINs by downloading malicious apps.
MailChimp later confirmed the hacking incident to Bleeping Computer and TechCrunch. MailChimp became aware of the intrusion on March 26 after it identified a malicious actor accessing an internal tool used by the company’s customer support and account administration teams. The company added that some of its employees fell for a social engineering attack that led to the theft of their credentials.
"We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected," Mailchimp CISO Siobhan Smyth said.
Using the stolen credentials, the hackers accessed 319 MailChimp accounts and exported "audience data" from 102 customer accounts. MailChimp did not share much detail on what data was accessed.
The hackers also gained access to API keys for an undisclosed number of customers, which could have allowed them to send spoofed emails. Those keys have since been disabled and can no longer be used.
MailChimp has notified all the compromised account holders and suspended the accounts to prevent further damage. MailChimp recommends that all customers enable two-factor authentication on their accounts for further protection. Mailchimp shared limited information about the incident and would not say how many other cryptocurrency services or financial institutions were affected.