Mailchimp, a company that manages newsletters and mailing lists, has one more problem (the same each time, I would say). They confirmed they had another leak:
Mailchimp is used by many companies which are too lazy to create/use their own mailing system, and recently many users have received emails like this:
NEAR Web Wallet Security Update
Hello NEAR community,
We are reaching out to notify you of a security incident at Mailchimp that may have impacted members of the NEAR ecosystem.
On Thursday January 12th, Mailchimp, one of our external email management tools, notified us that as a result of a breach of Mailchimp’s systems, an unauthorized actor accessed a Mailchimp account. We are contacting you because your email address is stored in this affected Mailchimp instance.
According to Mailchimp, this breach only involved email addresses and did not include breach of passwords or credit card data. Based on Mailchimp’s public disclosure on January 13th, at least 133 Mailchimp accounts across its platform were affected in a broader incident targeting the Mailchimp platform. Mailchimp’s related blog post can be read here.
At the current time, Mailchimp has been unable to confirm whether the email address data in the affected Mailchimp instance was downloaded. However, out of an abundance of caution, we wanted to flag this breach to the NEAR community.
It is important to note that we do not store data that could be used to compromise NEAR wallets. We currently have no reason to believe any information other than email addresses might have been accessed. Regardless, as a precautionary measure, we request that you increase your vigilance regarding possible phishing attempts, and malicious actors could be posing as NEAR or any of its ecosystem partners through email communications. NEAR Foundation, Pagoda and the Wallet team will only send emails from @near.foundation, @near.org or @pagoda.co.
Additionally, please note that NEAR will never email you asking to make transactions or soliciting your business. We will never ask for your password or private key, promote airdrops of $NEAR or other tokens associated with the NEAR ecosystem, or solicit any type of payment or request to sell your digital assets.
To ensure NEAR ecosystem user security and privacy, our security team is continuing to work with Mailchimp in its investigation. We will keep you updated as Mailchimp’s investigation continues to unfold.
As always, we hope you are currently observing and will continue to observe careful measures with the security of your wallet. Here is a list of best practices as it pertains to self-custody wallets.
Best Practices for Self-Custody Wallets
Utilize a mixture of hot and cold wallets—hot wallets are connected to the internet, cold wallets are not.
Choose a hot wallet strictly for smaller, convenient NEAR transactions
Do not store all of your tokens in a hot wallet
Utilize a hardware wallet, such as a Ledger, to store tokens and make larger transactions.
Ensure you are utilizing the right URL for your wallet. Inspect links for correct URLs before clicking.
Avoid wallet names that contain identifying information, such as names or email addresses.
Use a private browser session for wallet transactions, disabling third-party plugins.
Check transactions before you sign or approve them.
Never connect your NEAR wallet or click-through unsolicited links.
Never store your recovery phrases for wallets with significant tokens in password managers, emails, or on a computer that may be connected to the internet.
Only interact with NEAR Foundation via official channels. Our social media accounts, Discord, and Telegram channels can be found at https://near.org/ecosystem/community/. Our official accounts are verified and have the verification marks.
Be suspicious of unofficial channels and offers that appear to be too good to be true.