Mailchimp, an email marketing platform, has confirmed a data breach in which hackers stole data from more than 100 of its customers.
This follows a warning from Trezor hardware cryptocurrency users who claim to have been the target of a sophisticated phishing email campaign.
According to Mailchimp CISO, Siobhan Smyth, the company discovered the breach on March 26 after noticing unauthorised access to a tool used by the company’s customer support and account administration teams.
Despite disabling the compromised employee accounts, the attackers were still able to view about 300 Mailchimp user accounts and quickly gain an audience from 102 of them.
The attackers used the stolen email lists to send a fake data breach notification to Trezor customers. The users were prompted to download a new version of the Trezor Suite desktop application.
Trezor customers were directed to a phishing site that hosted a fake version of the application and was designed to steal the seed phrase, which would allow attackers to take over a user’s crypto wallet.
Trezor users are advised to report new phishing attempts directly to security @ trezor.io. Mailchimp has also contacted and notified the owners of all compromised accounts.
For more information, read the original story in TheVerge.