Intuit is facing a class-action lawsuit for reportedly not securing its email marketing service, Bloomberg reported Friday (April 22).
The company’s error reportedly let hackers access cryptocurrency wallets sold by Trezor. Per the report, hackers used a “sophisticated” phishing attack that let them access crypto wallets by the Czech company and steal user funds.
On April 4, Intuit’s Mailchimp email marketing service reportedly said that hackers had gotten into the servers, harvesting “audience data” from 102 clients, including Trezor.
The report said the hackers had sent phishing emails to Trezor users, warning them that their accounts had been compromised and that they’d have to download a new version of the app, which would then ask for passwords and recovery codes, which the hackers would use to clear out those peoples’ digital wallets.
According to the report, the attack began when the hackers got access to Mailchimp’s email accounts after an employee clicked a malicious link.
One defendant, Alan Levinson, said the hackers had taken cryptocurrencies worth $87,000 from his account. A proposed class-action suit puts the blame on Intuit and Rocket Science Group, a subsidiary which runs Mailchimp.
Intuit has been accused of disregarding the rights of Trezor account holders and not taking “adequate and reasonable measures to ensure that its data systems were protected.”
PYMNTS wrote that crypto hackers have been making off with millions in large-scale thefts, with hackers stealing more than $100 million in a recent attack on Beanstalk, an algorithmic stablecoin project.
See also: Report: Crypto Thefts Already Approaching 2021’s Total of $3.2B
The hackers reportedly took $182 million from digital assets, which amounted to almost all the ether held by the fund. That, according to reports, was the fifth-largest crypto hack on record.
It came as hackers have been stealing more than before, spurred by the pandemic’s impact on digital payments. According to the report, there have been 37 hacks in roughly 38 weeks that netted hackers $2.9 billion total — on pace to match the $3.2 billion stolen in all of 2021.