Mailchimp: Crook stole cryptocurrency clients' mailing-list subscriber info

Mailchimp has confirmed a miscreant gained access to one of its internal tools and used it to steal data belonging to 100-plus high-value customers. The clients were all in cryptocurrency and finance-related industries, according to Mailchimp. "Our findings show that this was a targeted incident," the mailing-list giant's CISO …

  1. Anonymous Coward

    Crypto, again

    For those who thought storing their crypto in an offline wallet was safe, this just points out that it's not safe, it's only safer.

    You still need to understand security and not click through phishing emails.

    For individuals, crypto was, is, and will remain risky.

    1. Doctor Syntax Silver badge

      Professional spammers again

      For avoidance of doubt, that's Mailchimp. Your semi-professional spammer bank, retailer or whatever, will happily send them PII of their customers and insist that they're doing nothing wrong under GDPR.

      1. Anonymous Coward

        Re: Professional spammers again

        I hate that particular bunch of monkeys as much as anyone else, but it is permissible for a Data Controller to use an outside organisation as a Data Processor to provide certain, well, data processing services for the Data Controller, as long as the Data Controller has a suitable contract in place and has verified that the Data Processor also complies with the GDPR, and that the Data Subject has consented to being subscribed to the email list (and/or that very sketchy 'existing relationship' clause, «sigh»).

        Admittedly, whatever Safe H Privacy Shield calls itself this week (and US data protection law in general) isn't worth the self-certifying paper it is written on, but you can always send a few euro in the direction of noyb and ask them to prod further (although my understanding, and, obviously, IANAL, is that use of this particular Data Processor is legal as long as Privacy Shield is (hmmm…)).

  2. Mike 137 Silver badge

    "100-plus high-value customers" [..] "all in cryptocurrency and finance-related industries"

    So businesses with this level of exposure couldn't be bothered to implement their own secured mailing list systems?

    1. ThatOne Silver badge

      Re: "100-plus high-value customers" [..] "all in cryptocurrency and finance-related industries"

      > couldn't be bothered to implement their own secured mailing list systems?

      There is no warranty that anything they would have implemented themselves would have been any more secure...

      Security is hard to get right, and it's even harder to know if it has been done right, so there is clearly a lot of wannabe security out there only waiting to fail.

    2. lglethal Silver badge

      Re: "100-plus high-value customers" [..] "all in cryptocurrency and finance-related industries"

      Hey, come on now, you can't expect them to be doing that. I mean, if they had to roll their own mailing lists, when would they find the time to work on how to slowly and methodically steal all of their customers' coins, launder them, and then, when someone comes looking, claim a "hacker" stole all of the coins?

  3. heyrick Silver badge

    Well, what do you know...

    A reasonable examination of what happened, how it happened, and what they did.

    And it didn't mention the word "sophisticated" once. You watching, Emma? Or are you sleeping on the job?

  4. luminous

    You'd think a company this big would have a bunch of static IPs for employees to use (if WFH), and if a crook got hold of any login to their internal system it would be useless. Maybe this costs too much for capitalism?

    1. ThatOne Silver badge

      Too inconvenient. Can't work from Starbucks. 'Nuff said.

  5. Howard Sway Silver badge

    clients were all in cryptocurrency and finance-related industries, according to Mailchimp

    Well, there certainly won't be many Bored Apes there today.

    1. heyrick Silver badge

      Re: clients were all in cryptocurrency and finance-related industries, according to Mailchimp

      Yeah, I browsed the site https://web3isgoinggreat.com/ linked here a few days ago and thought it was a massive windup.

      Maybe it actually is...

      1. Ian Johnston Silver badge

        Re: clients were all in cryptocurrency and finance-related industries, according to Mailchimp

        Same here. However, I followed a few of their links into crypto and NFA websites and disappeared down a rabbit hole of unbelievable stupidity for a couple of hours. It's like reading "sovereign citizen" stuff: all the words make sense but the combinations are gibberish.

  6. Anonymous Coward

    Hire monkeys, get nutty level of service

    Well, if you hire monkeys, I guess you will get a nutty level of service (and lots of peanut shells lying around).

    (I have to say that if you’re going to give your own company a name that not only implicitly insults your own techies, but also sounds like you are being contemptuous of your customers too, then I really don’t feel at all sorry for them in the slightest.)
