Solana Foundation Reveals Security Incident Involving Mailchimp Emails

JAKARTA - The Solana Foundation, the non-profit organization of the Solana Network, disclosed on January 14 a security incident involving email service provider Mailchimp.

According to emails sent to users and seen by Cointelegraph, the Foundation was notified by Mailchimp on January 12 that "unauthorized actors accessed and exported certain user data from Mailchimp Solana Foundation instances."

Among the information accessed and exported in the incident were Telegram usernames and usernames.

"Based on the information we received from Mailchimp, the affected information may include, inter alia, Telegram email addresses, names, and usernames, in each case only to the extent that users provide such information. Mailchimp advises that the incident did not affect passwords or credit card information," said the Solana Foundation, quoted by Cointelegraph.

The number of users affected by the incident is unclear. There was no official announcement from Solana or Mailchimp regarding the incident at the time of publication. Solana did not immediately respond to Cointelegraph's request for comment.

A few weeks ago, another crypto company had users' emails exposed by a third-party provider. As reported by Cointelegraph on December 13, hackers gained access to 5,701,649 lines of information relating to customers of the Gemini crypto exchange, including email addresses and part of phone numbers.

This is not the first time a crypto company has run into security issues with Mailchimp. In August 2022, email marketing platform Mailchimp suspended its services for crypto content creators and platforms related to crypto news or related services. The user started having trouble logging into the account, followed by a service outage notification.

At the time, Mailchimp stated that “across the tech industry, bad actors are increasingly deploying a sophisticated array of phishing and social engineering tactics targeting the data and information of crypto-related companies.”

The company also said that “in response to the recent attack targeting Mailchimp crypto-related users, we have taken proactive action to temporarily suspend account access for accounts where we detected suspicious activity while we investigate the incident further.”

Beosin's 2022 Global Web3 Security Report revealed 167 major security incidents during 2022, with DeFi projects being attacked 113 times, which accounts for approx. 67.6% of recorded attacks.