Details of the Mailchimp data breach

2022-4-15 19:45

Security notices

An overview of the social engineering attack on our mailing provider.

On April 3, 2022, it was brought to our attention that a phishing email had been sent to a one-time-use email address, alerting us to a data breach. On further investigation, it was discovered that the third-party newsletter provider Mailchimp, used for marketing communications, had been repeatedly compromised over the course of several months. This blog post describes the timeline of events and the steps Trezor has taken to minimize the impact of this situation.

What happened?

As described in our blog released immediately following the incident, four Mailchimp employees were targeted by phishing campaigns across many weeks, resulting in them providing secure access keys to attackers. We do not know the details of how they were phished.

The first attack happened in February, though no data was compromised. It then happened again one month later, and again on April 2. The earlier attacks targeted databases of over 200 crypto and finance companies, while the final attack appears to have targeted Trezor’s account alone.

We are most surprised by the lack of transparency and cooperation from Mailchimp regarding the attacks. We received one email to a catch-all support email about “possible risks” but did not learn of these attacks until we discovered the leak and started pushing for answers. Now that we have access to the affected customer data, it is clear that not only were subscriber email addresses stolen, but also data of people who unsubscribed, and in some cases names and IP addresses.

Why has it taken until now to provide more information?

The social engineering attacks led to multiple breaches over several months, but it was not until now that we were able to regain access to our data and begin contacting the affected users.

While we immediately communicated the incident to our community following the breach, it has taken a long time to understand the true scope of the attack, as Mailchimp has been slow to provide actionable details from their side since we first began our inquiry a week and a half ago.

What now?

This is the first time we have suffered a data breach and we know we have let our customers down. We believed we had chosen a robust solution that would handle our subscriber data appropriately, and Mailchimp remains the largest platform of its kind in the world. Clearly we were mistaken.

We will not be using Mailchimp any more, except to share details with the affected users. We urge any company that has used Mailchimp to reach out to them immediately to find out whether it has been affected, as they have not been proactive in their communication.

We will begin migrating to a new mailing platform once we have thoroughly assessed other options for compliance and data security. As we have seen in recent years, phishing is a threat not just to consumers but also to companies. That said, it is inexcusable to hide the fact that customer data was attacked until being called out, and we are disappointed by Mailchimp’s slow cooperation in the investigation.

We acknowledge that there’s still a lot of work to do to educate the world on cybersecurity essentials and will continue to do our best to ensure that our customers know how to protect their data to the fullest.

Details of the Mailchimp data breach was originally published in Trezor Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
