Ever since the MailChimp security breach on January 11, which led to the unidentified threat actors accessing one of its tools related to the customer-facing teams, competitors are trying to make the most of the situation.
MailChimp stated in a report that it experienced a social engineering attack affecting its employees and contractors. It exposed select MailChimp accounts and credentials averaging 133 accounts.
According to a tweet by Whale Coin Talk, Solana Foundation reported about a security incident on its email service provider MailChimp.
It further stated that usernames and Telegram usernames were exploited by cybercriminals. The number of affected users by the incident remains unclear.
Previous cyberattack on MailChimp
While the present attack was a social engineering attack on its employees impacting 133 accounts, the previous one gained access by exploiting its internal tools. Crypto customers were targeted in this attack that was disclosed by MailChimp on March 26, 2022.
In an email, company CISO Siobhan Smyth told BleepingComputer: “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”
This brings to light that threat actors have targeted specific MailChimp employees to whom they sent phishing emails with malicious instructions. When tapped, it led to a successful infiltration into their systems.
Despite keeping high-end security tools in place, organizations are targeted with social engineering attacks focussing on select employees. This incident impacted the 319 MailChimp accounts which were used to steal audience data likely from the mailing lists belonging to its 102 customer accounts.
The previous attack also led scammers to try to push their fraudulent emails alerting users about a potential data breach.
Reactions in the market after the MailChimp security breach
According to a tweet by Trezor, users were asked not to access emails from [email protected] that was registered under a phishing domain. Data belonging to Trezor was suspected to be exploited owing to the MailChimp security breach.
While MailChimps is making its systems secure, competitors are using this opportunity to advertise their alternatives to the concerned users and victims. A user on Twitter took this opportunity to share another product that might work in this scenario where MailChimp deemed unsecure.
Users have been speculating about the security protocols followed by MailChimp. Ever since the series of attacks on the email marketing and newsletter service occurred, users are speculating endless possibilities and probabilities. While some say that Solana must work more towards their security team, others are expressing trust in its systems and damage control mechanism.