Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Mailchimp breach led to cyber security ‘negligence’ lawsuit

Intuit, the parent company of Mailchimp, is facing a lawsuit after a recent cyber security incident led to the theft of cryptocurrencies from a Trezor user.

user icon
Wed, 27 Apr 2022
Mailchimp
expand image

Mailchimp is one of the largest email marketing platforms and Trezor is one of the world’s most popular hardware wallets for storing cryptocurrencies.

According to reports by TechRadar and The Register, a lawsuit has been filed to a federal court in northern California, in which one Alan Levinson of Illinois claims to have fallen victim to a sophisticated phishing attack that resulted in the theft of tokens stored on his Trezor wallet.

While Levinson personally claims to have lost $87,000, he also claims that he’s probably not the only one to be tricked, and that the real damage is probably in the millions.

============
============

In early April, TechRadar reported on a data breach at Mailchimp, which saw attackers get away with more than a hundred email mailing lists.

The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.

They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers could create custom email campaigns and send them to mailing lists without accessing the Mailchimp customer portal.

One of the companies whose customers were targeted with a phishing attack was Trezor.

Following the breach, Trezor customers started getting an email that stated that the company had suffered a data breach and invited users to download a program to help them reset the PINs on their endpoints.

The program disguised a malware strain that allowed attackers to steal the contents of the wallet.

[Related: Aussies lost nearly $100m to scams in March]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.