According to an email sent to users, an unauthorized person accessed and exported certain user data from the Solana Foundation’s Mailchimp database.
Details about the Data Breach
On January 14, the Solana Foundation, the nonprofit organization of the Solana Network, disclosed a security incident involving its email service provider Mailchimp. The foundation was notified by Mailchimp on January 12 that an unauthorized person had accessed and exported certain user data from the Mailchimp database.
The affected information included usernames and Telegram usernames. The Solana Foundation stated:
Based on the information we received from Mailchimp, the information in question may include email addresses, names, and Telegram usernames, in each case only to the extent that users have provided such information. Mailchimp has said the incident did not give access to passwords or credit card information.
– Mailchimp
It is still unclear how many affected people are involved.
Not the first time
It often happens that crypto companies are confronted with a data breach. For example, on Dec. 13, hackers gained access to information about 5,701,649 customers of the crypto exchange Gemini, including email addresses and partial phone numbers.
It is also not the first time crypto companies have encountered security vulnerabilities with Mailchimp. In August 2022, the email marketing platform Mailchimp discontinued its services to crypto content creators and platforms related to crypto news or related services. Namely, users started experiencing problems logging into accounts, followed by service error messages. At the time, Mailchimp stated the following:
The entire technology industry is increasingly dealing with malicious individuals who, through sophisticated phishing and social engineering tactics, are after data and information from crypto-related companies.
– Mailchimp
After the recent attack, Mailchimp is taking proactive measures aimed at its crypto-related users to temporarily stop account access for accounts where they have detected suspicious activity. In the meantime, they are continuing to investigate the incident.