Email Service Provider MailerLite Falls Victim to Phishing Attack
Email service provider MailerLite recently experienced a phishing attack, specifically targeting the crypto market. The company disclosed this information to Decrypt on Tuesday.
Details of the Attack
According to MailerLite, the attack occurred when a support team member unknowingly clicked on a deceptive link, entered their Google credentials, and confirmed the second-factor challenge. This granted hackers access to MailerLite’s internal system.
With this unauthorized access, the attackers executed a password reset for a specific user on the admin panel, allowing them to impersonate user accounts. The focus of the attack was solely on cryptocurrency-related accounts.
Extent of the Breach
The perpetrators were able to access 117 accounts. Although only a small number of these accounts were used for phishing campaigns, personal information such as names and email addresses were exposed.
Affected accounts included CoinTelegraph, Wallet Connect, Token Terminal, De.Fi, and Decrypt. However, no emails were sent or contacts exported from Decrypt’s account.
The Stolen Funds
By disguising their malicious links within MailerLite’s templates, the hackers managed to steal over $580,000. The address where these funds were sent was shared by internet sleuth ZachXBT.
Web3 security firm Blockaid estimated that the total amount stolen exceeded $600,000.
Response and Resolution
Upon discovering the incident, MailerLite promptly identified and resolved the issue, cutting off the attackers’ access method. They confirmed that the breach has been fully stopped.
The company is actively monitoring the situation and will implement necessary changes to internal processes. This includes addressing employees who did not adhere to security protocols and focusing on improved security training.
Hot Take: Phishing Attack Highlights the Importance of Vigilance
The recent phishing attack on MailerLite serves as a reminder of the constant threat faced by individuals and businesses in the crypto market. It emphasizes the need for heightened vigilance when dealing with sensitive information and reinforces the importance of robust security measures.
By
By