Mailchimp is a marketing automation platform and email marketing service. "Mailchimp" is the trade name of its operator, Rocket Science Group, an American company founded in 2001.
On the crypto side, many blockchain foundations and protocols have used this platform to send emails to their users and communicate effectively with their communities.
On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of its tools used by customer-facing teams for customer support and account administration. The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access using employee credentials compromised in that attack.
After we identified evidence of an unauthorized actor, Mailchimp temporarily suspended account access for accounts where we detected suspicious activity to protect our users’ data.
Mailchimp sent another email to affected accounts with steps to help users reinstate access to Mailchimp accounts safely.
Based on the investigation to date, it appears that 133 Mailchimp accounts were affected in this targeted incident.
Incidents like this can cause uncertainty.
The affected information may have included, inter alia, email addresses, names, and Telegram usernames, in each case only to the extent users provided any such information. Mailchimp advised that the incident did not affect passwords or credit card information.
Please also keep in mind self-custody best practices:
- Know what transactions you are signing.
- Always use multiple hot and cold wallets.
- Designate a hot wallet for any transaction.
- Never keep more tokens than necessary in your transaction wallet.
- Never connect your wallet to an unsolicited link.
Source: Mailchimp