The accounts of 133 corporate customers of email marketing service provider Mailchimp have been hacked, the third time the company has been compromised in less than a year, after employees became victims of social media attacks.
“On January 11th, the Mailchimp security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration,” The company said in a statement, “The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and gained access to select Mailchimp accounts using employee credentials compromised in that attack.”
With access to customer accounts, hackers can send phishing messages on a large scale.
Mailchimp is owned by Intuit. The company said there is no evidence that the settlement affected Intuit systems or customer data beyond 133 Mailchimp accounts.
According to TechCrunch, One of the victims is the e-commerce platform WooCommerce. It quoted WooCommerce as saying that it had been notified by Mailchimp that the breach may have exposed the names, store web addresses and email addresses of its customers. No customer passwords or other sensitive data was taken.
“After identifying evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity in order to protect our users’ data,” the statement said. “We notified primary contacts for all affected accounts on January 12, less than 24 hours after the initial discovery.
That afternoon, the company sent another email to affected accounts detailing steps it had taken to help users safely restore access to their Mailchimp accounts. Since then, Mailchimp said, it has been working directly with users to help restore their accounts, answer questions and provide any additional support they may need.
In April 2022, the company accepted Hackers had accessed Mailchimp’s customer support and account management tools To steal audience data and conduct phishing attacks. And last August, mailchimp said it fell victim From social media attack. The company said at the time, “On August 8th, our security team became aware that an unauthorized actor was accessing one of our tools used by customer-facing teams for customer support and account administration. ” “The incident was propagated by an unauthorized actor who conducted a social engineering attack on Mailchimp employees, and gained access using employee credentials compromised in that social engineering attack.”
In that incident, 214 customer accounts were compromised, mainly from cryptocurrency and finance-related companies.
“We know that incidents like this can cause uncertainty, and we are deeply sorry for any frustration,” the company said of the most recent attack. “We are continuing our investigation and will provide timely and accurate information to affected account holders throughout the process.”
“Unauthorized access to 133 customer accounts is a very significant security incident for such a large company. Mailchimp,” commented Ilya Kolochenko, founder of ImmuniWeb and member of the Europol Data Protection Experts Network,
“The alleged attack vectors of social engineering and password reuse are extremely efficient today. Despite multi-layered cyber-defenses and the most advanced security controls, many large businesses regularly fall victim to this,” he said in an email. “In addition, the alleged hacked account of a technical support specialist likely had access to a significant number of customer accounts, which is evidence that the incident was detected and contained in a timely manner.” Was.”
