Hackers breached email marketing company Mailchimp to launch crypto phishing scams

Email marketing service Mailchimp revealed on Monday a data breach in which attackers compromised an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.
The development was first reported by Bleeping Computer.
The company, which was acquired by financial software company Intuit in September 2021, told the publication that it learned of the incident on March 26, when it became aware of a malicious party accessing the customer support tool.
“The incident was propagated by an external actor who successfully carried out a social engineering attack against Mailchimp employees, which compromised employee credentials,” said Siobhan Smyth, chief information security officer at Mailchimp.
Although Mailchimp said it acted quickly to terminate access to the hacked employee account, the siphoned credentials were used to access 319 Mailchimp accounts and further export mailing lists relating to 102 accounts.
The unidentified actor also allegedly gained access to API keys for an unspecified number of customers. The company says these keys have been disabled, preventing attackers from misusing them to mount phishing email campaigns.
In the wake of the breach, the company also recommends customers enable two-factor authentication to secure their accounts against takeover attacks.
The acknowledgment comes as cryptocurrency holding company Trezor said on Sunday that it was investigating a potential security incident involving an opt-in newsletter hosted on Mailchimp, after the actor repurposed stolen data to send malicious emails claiming that the company had suffered a security incident.

The scam email came with a supposed link to download an updated version of Trezor Suite that was actually hosted on a phishing site. It tricked unsuspecting recipients into connecting their wallets and entering their seed phrase in the trojanized lookalike app, allowing the adversary to transfer the funds to a wallet under their control.
“This attack is exceptional in its sophistication and was clearly planned to a high level of detail,” Trezor explained. “The phishing app is a cloned version of Trezor Suite with very realistic features, and also includes a web version of the app.”
“Mailchimp has confirmed that its service has been compromised by an insider targeting crypto companies,” Trezor later tweeted. “We managed to take the phishing domain [trezor.us] offline,” it added, warning its users to refrain from opening company emails until further notice.
The American company has not yet specified whether the attack was carried out by an “insider”. It is also unclear at this point how many other cryptocurrency platforms and financial institutions are affected by the incident.
A second confirmed victim of the breach is Decentraland, a browser-based 3D virtual world platform, which revealed on Monday that “the email addresses of its newsletter subscribers were leaked in a Mailchimp data breach.”