(Some of you may be reading this post because we sent you the link using MailChimp!)
The post was first published on 5 April 2022
Update 26 4 2022
Now Mailchimp’s owners, Intuit, are being sued for alleged losses arising through the theft of crypto-currency from one or more digital wallets, due to these security issues.
Intuit sued over alleged cryptocurrency thefts via Mailchimp • The Register
Levinson v. Intuit, Inc. et al. – 5:22-cv-02477 (regmedia.co.uk)
Original post from 5 April 2022
Although this appears to be a targeted attack against carefully selected high-value companies using the Mailchimp service, it still remains that the hacker had time inside the MailChimp systems to be this selective.
Mailchimp: Cryptocurrency clients’ mailing-list info stolen • The Register
The targets were finance and cryptocurrency organisations. 319 accounts were accessed and data stolen from 102 of them.
This appears to have started with an employee being taken in by a social engineering attack.
