An insider exploit of MailChimp's newsletter database has resulted in Trezor users being targeted in a malicious phishing scam.