The company said that hackers had penetrated its systems using an internal tool and stolen the data of more than 100 of the service’s clients.
Email marketing platform Mailchimp has confirmed that it was the victim of a hack.
The infiltration was reportedly performed using an internal tool, and the company says the hackers managed to steal data from more than a hundred of its clients.
While the company announced the breach on Monday, initial reports of the hack had surfaced over the weekend. Cryptocurrency wallet Trezor said a day before the disclosure that MailChimp had confirmed the hack, and that they were trying to determine how many email addresses were affected.
MailChimp’s Chief Information Security Officer Siobhan Smyth said that the company first found the breach on March 26th, when it detected unauthorized use of an internal tool provided to its customer support and administrative teams.
The company said it immediately deactivated the accounts, but the hackers were still able to access 300 MailChimp accounts and obtain data from 102.
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. However, we take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” said Smyth.
Crypto wallet Trezor published a blog post saying that hackers managed to gain access to MailChimp’s internal tools through successful social engineering.
The hackers used one of the stolen email lists to send phishing emails to Trezor clients, which the company states were “exceptional in its sophistication and … planned to a high level of detail.”
The phishing campaign even included a cloned version of Trezor’s app, which looked convincing to users tricked into using it. MailChimp has stated that it has notified all users affected by the breach.