Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise

Cryptocurrency hardware wallet owners are being targeted by a phishing scam spread via Mailchimp email distribution services.

Trezor, the manufacturer of crypto wallets, announced on social media that its customers are being sent fake data breach notifications via its newsletters powered by Mailchimp.

The company claimed that an “insider” is to blame for the phishing attacks, which Trezor says are also targeting other cryptocurrency firms.

“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies,” the tweet reads.

“We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”

Suspicious finds

Mailchimp confirmed to The Daily Swig that the incident was discovered on March 26 by its security team, who became aware of a malicious actor accessing internal tools used for customer support and account administration.

The company said that the phishing attacks were “propagated” by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.

Siobhan Smyth, Mailchimp’s CISO, said: “We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected.

“We also conducted a robust investigation and engaged outside forensic counsel to understand what happened and the impact.

“Based on our investigation, we found that 319 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts.

“Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance, all of whom have been notified.”

Further risks

Smyth said that the investigation also found that some accounts’ API keys posed a potential vulnerability. Out of an abundance of caution, the API keys were disabled, said Smyth, and protections were implemented.

“As a result of the security incident, we’ve received reports of the malicious actor using the information they obtained from user accounts to send phishing campaigns to their contacts.

“When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access.

“We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”

Smyth added: “We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data.

“We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”

Trezor said that it will not be communicating by newsletter until the situation is resolved, advising users not to open any emails appearing to come from Trezor until further notice.

“Please ensure you are using anonymous email addresses for bitcoin-related activity,” the company added.

Source: https://portswigger.net/daily-swig/trezor-cryptocurrency-wallets-targeted-with-phishing-attacks-following-mailchimp-compromise
