IOTW: Social engineering attack sees Mailchimp hacked

Mailchimp employee account compromised by a social engineering attack


Email marketing company Mailchimp has disclosed that it was targeted by hackers who gained access to and exported information from Mailchimp accounts.

The incident was first raised to the Mailchimp security team on 26 March and the company disclosed the attack publicly on 4 April.

“The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” the company said.


Mailchimp said that, as part of the same incident, the bad actor attempted to send a phishing campaign to a user’s contacts from the user’s account, using information obtained during the 26 March attack.

Mailchimp said: “319 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts. Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance.”

Targeting Bitcoin

Trezor, a bitcoin hardware wallet, confirmed it was affected by the Mailchimp incident and said it was carrying out an investigation on how customers may have been affected following an insider compromise of a newsletter database hosted on Mailchimp.

On 3 April Trezor users reported being targeted by a malicious phishing attack. The phishing email claimed that Trezor was experiencing a “security incident” involving a data breach. It then encouraged victims to download a Trezor Suite lookalike app that asked Trezor users to connect their Bitcoin wallets and enter their seed phrases.

Trezor said: “For this attack to be successful, users had to install the malicious software on their devices, at which point their operating system should identify that the software comes from an unknown source. This warning should not be ignored, all official software is digitally signed by SatoshiLabs.”

The company also said the only reason for customers to worry about their Bitcoin funds is if they entered their seed into the malicious app.

Protecting yourself against phishing attacks

Socially engineered attacks, like phishing attacks, see threat actors attempt to impersonate a trusted source in order to manipulate the victim into further action.

The multinational technology conglomerate, Cisco, says that social engineering attacks have grown increasingly sophisticated.

“Not only do fake websites or emails look realistic enough to fool victims into revealing data that can be used for identity theft, social engineering has also become one of the most common ways for attackers to breach an organization's initial defenses in order to cause further disruption and harm,” Cisco says.

There are a number of useful procedures that can be put in place in order to protect both individuals and organizations against these attacks:

  • Multi-factor authentication
  • Email security with anti-phishing defenses
  • Strong password management
  • Employee training to identify and avoid such attacks

Trezor noted that the leak of email addresses is most harmful as the victims are now likely to receive an increased number of phishing attempts.

