Mailchimp has confirmed that hackers used an internal tool to steal data from more than 100 of its clients — with the data being used to mount phishing attacks on the users of cryptocurrency services.

The breach was confirmed to the press by Mailchimp on Monday, but it had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.

Mailchimp CISO Siobhan Smyth said that the company had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams. Although Mailchimp deactivated the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them, Smyth said.

“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”

READ
Critical Vulnerability in NVIDIA Container Toolkit Puts AI Applications at Risk