An unauthorized actor accessed and exported specific user data from the Solana Foundation’s Mailchimp instance, according to an email addressed to users.
Mailchimp notified the Foundation on January 12 that “an unauthorized actor accessed and exported specific user data from the Solana Foundation’s Mailchimp instance,” according to an email issued to users.
User names and Telegram usernames were among the information obtained and exported during the incident. According to the Solana Foundation:
“Based on the information we have received from Mailchimp, the affected information may have included, among other things, email addresses, names, and Telegram usernames, in each case only to the extent users provided any such information. Mailchimp advised that the incident did not affect passwords or credit card information.”https://cointelegraph.com/news/solana-foundation-warns-about-security-incident-with-mailchimp
It is unknown how many users were affected by the event. Neither Solana nor Mailchimp has made a formal statement on the event at the time of writing.
Another cryptocurrency company had its users’ emails leaked by third-party sources a few weeks ago. Hackers accessed 5,701,649 lines of information relating to users of the cryptocurrency exchange Gemini, including email addresses, on December 13.
It has happened before that cryptocurrency firms have encountered security difficulties with Mailchimp. Mailchimp, an email marketing provider, terminated its services to crypto content authors and sites affiliated with crypto news or similar services in August 2022. Users began having trouble logging into their accounts, followed by alerts of service outages.
Mailchimp noted that “malicious actors are increasingly utilizing an assortment of sophisticated phishing and social engineering strategies targeting data and information from crypto-related organizations throughout the IT industry.”
“In response to a recent attack on Mailchimp’s crypto-related users, we’ve taken preventative measures to temporarily restrict account access for accounts where we observed suspicious behavior while we examine the situation further,” the business added.
The Beosin Global Web3 Security Report 2022 identified 167 major security events over 2022, with DeFi projects targeted 113 times, accounting for around 67.6% of documented assaults.