A recent email newsletter campaign from the NYC-based marketing agency Happy Cog had its email list exposed due to a security flaw.
The “mailchimp log4j” is a tool that provides information on the MailChimp server. The tool can be used to find out if any email addresses were leaked from the system.
This article first appeared on Decentraland.
Due to a Mailchimp data breach, bad actors may have obtained your email address; please be vigilant as they may attempt to send you emails impersonating the Decentraland Foundation.
What am I supposed to do now?
NEVER, EVER, EVER EVER EVER EVER EVER EVER EVER EVER EVER The Decentraland Foundation will never send you something to download or urge you to download anything straight from an email. If we have anything for you to download (like our future Desktop Client beta), we’ll send you to decentraland.org first to ensure your safety.
CHECK THE URL OF THE PAGE THAT THE LINK TAKES YOU TO IF YOU CLICK ON A LINK IN AN EMAIL. Always conclude the URL with ‘decentraland.org’. If you were referred to a website via a link, double-check that ‘decentraland’ is spelt properly and ends in ‘.org’ before taking any action. Here are a few instances of how phishing schemes could attempt to trick you:
- You may make your verification process quicker by bookmarking any Decentraland sites you visit regularly, such as the launch page, in addition to ensuring that the URL is right. Whether you’re on a website that you suspect is imitating a Decentraland page (one that you’ve already bookmarked), look to see if the bookmark star in the right corner of your search bar is highlighted, suggesting that you’re on the genuine deal, as seen below.
What caused this to happen?
On March 24, Mailchimp, the service used by the Decentraland Foundation to send out newsletters, was hacked in a targeted attempt on accounts that seem to all be associated to the bitcoin business. The Decentraland Foundation sought ization received complete confirmation from Mailchimp on April 2 that our account was one of the ones whose data had been hacked.
The malicious actors only accessed our newsletter mailing list (email addresses of anybody who has signed up to receive Decentraland newsletters), as well as certain user names, IP addresses, and timestamps.
The data breach was limited to a data download; the thieves never gained access to our Mailchimp account or were able to send verified emails from it. This implies that if they contact you, they may attempt to contact you using an email address that appears similar to ‘@decentraland.org,’ such as ‘@decentraland.com,’ some other version, or even ‘decentraland.org,’ utilizing coding methods like ‘ghost spoofing.’ We highly advise you to take the precautionary procedures outlined above and approach any communication that seems to be from the Decentraland Foundation with caution.
The work of the Decentraland Foundation in the battle against fraud
We were proactive in this case and reviewed our Mailchimp dashboard as soon as we learned of the hack to see if there was any suspicious behavior. Our legal team sought further information from the Mailchimp staff after seeing some strange behavior, and it was only then that we received proof that our account had been accessed. We’ve contacted Mailchimp for further information and to report on the security measures they’ll be implementing now and in the future.
Our legal team has been aggressively hunting for and removing phishing sites that we’ve discovered on the internet over the last several months. Scam bots on Discord, false look-alike websites that show up in search engine advertising, and bogus social media profiles on platforms like Twitter, Instagram, and Facebook are all examples of this cat-and-mouse game.
Our staff is always on the search for safer alternatives to all of the services and providers it uses in order to give our consumers with the most secure experience possible.
NEVER, EVER, EVER EVER EVER EVER EVER EVER EVER EVER EVER You are only required to download files from Decentraland’s official website.
Before taking any action on a website, ALWAYS double-check that the decentraland.org URL is valid.
Remember, the Decentraland Foundation will never ask for your secret pass, and we will never accept payments in Decentraland.
Please report any suspicious Decentraland communications to [email protected] so that we can do all we can to improve the platform’s and community’s security.
As an example:
As if Loading…
Please consider donating to us via one of our sponsors.
- has trezor been hacked