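MailChimp, one of the largest marketing automation platforms and email marketing services, was breached over the weekend, with the attackers getting away with more than a hundred mailing lists.
The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.
As reported by BleepingComputer, MailChimp announced the breach on Sunday. Apparently, a number of employees fell for a social engineering attack and had their credentials stolen.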
Targeting Trezor users
The stolen accounts were quickly terminated, and MailChimp took additional steps to prevent other employees from being affected, the company said. But the damage had already been done.
With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported “audience data”, including mailing lists from 102 customer accounts.
They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.
One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor. Soon after the breach, Trezor customers started getting an email that stated that the company had suffered a data breach, and invited users to download a program to help them reset the PINs on their hardware wallets.
The program disguised a malware strain that allowed attackers to steal the contents of the wallet.
Siobhan Smyth, MailChimp's CISO, told BleepingComputer that the company notified all of the compromised account holders, which include those in the cryptocurrency and finance sectors.
She reiterated the importance of multi-factor authentication as an extra layer of protection against attacks.
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents,” Smyth said.
Via BleepingComputer
MailChimp breach exposes hundreds of customer accounts
Article last updated: May 19, 2025.