According to an email sent to users, an unauthorized actor accessed and exported certain user data from the Solana Foundation’s Mailchimp instance.
Solana Foundation, the non-profit organization of the Solana Network, disclosed on Jan. 14 a security incident involving its email service provider Mailchimp.
According to an email sent to users and seen by Cointelegraph, the Foundation was informed by Mailchimp on Jan. 12 that "an unauthorized actor accessed and exported certain user data from the Solana Foundation’s Mailchimp instance."
Among the information accessed and exported in the incident were user's names and Telegram usernames. The Solana Foundation stated:
"Based on the information we have received from Mailchimp, the affected information may have included, inter alia, email addresses, names, and Telegram usernames, in each case only to the extent users provided any such information. Mailchimp advised that the incident did not affect passwords or credit card information."
The number of users affected by the incident is unclear. There was no official announcement from Solana or Mailchimp regarding the incident at the time of publication. Solana did not immediately respond to Cointelegraph’s request for comment.
Few weeks ago, another crypto company had user's emails exposed by third-party providers. As reported by Cointelegraph on Dec. 13, hackers gained access to 5,701,649 lines of information pertaining to customers of crypto exchange Gemini, including email addresses and partial phone numbers.
It is not the first time crypto companies have experienced security issues with Mailchimp. In August 2022, the email marketing platform Mailchimp suspended its services to crypto content creators and platforms associated with crypto news or related services. Users started to experience issues logging into accounts, followed by notices of service interruptions.
At the time, Mailchimp stated that “across the tech industry, malicious actors are increasingly deploying an array of sophisticated phishing and social engineering tactics targeting data and information from crypto-related companies.”
The company also said that "in response to a recent attack targeting Mailchimp’s crypto-related users, we’ve taken proactive measures to temporarily suspend account access for accounts where we detected suspicious activity while we investigate the incident further.”
The Beosin Global Web3 Security Report 2022 revealed 167 major security incidents over 2022, with DeFi projects attacked 113 times, which accounted for approx. 67.6% of recorded attacks, Cointelegraph reported.