MailChimp discloses new breach after employees got hacked

[enaph]

Content source

https://www.bleepingcomputer.com/news/security/mailchimp-discloses-new-breach-after-employees-got-hacked/

Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers.


MailChimp says the attackers gained access to employee credentials after conducting a social engineering attack on Mailchimp employees and contractors. The attack was first detected on January 11th, after MailChimp detected the unauthorized person accessing their support tools."After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data," reads a statement about the security incident.

"We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery."


As first reported by TechCrunch, one of the customers affected by this breach is the massively popular WooCommerce eCommerce plugin for WordPress. WooCommerce has emailed customers warning them that the MailChimp breach exposed their names, store URLs, addresses, and email addresses.

MailChimp discloses new breach after employees got hacked

Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers.

www.bleepingcomputer.com

 

[Stopspying]

MailChimp discloses new breach after employees got hacked

Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers.

www.bleepingcomputer.com

In an article on this on 'The Register' they say "..This is the second data spill in five months and yet the company, bought by Intuit for $12 billion in September 2021, continues to tell customers – with a straight face – that it takes the "security of users' data seriously..."

I hope that this doesn't mean that we have a similar stance taken to losing customers data to that of Lastpass!

Mailchimp 'fesses up to second digital burglary in 5 months

Social engineering helped intruders break into customers' inboxes again

www.theregister.com

 

[upnorth]

“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” the company said in a notice published on its website.

In response to the breach, Mailchimp suspended access for the targeted accounts and notified impacted customers. Some of those customers have started informing their own customers about the incident. One of the first to do so was WooCommerce, the WordPress ecommerce plugin made by Automattic, the company behind WordPress.com.

How Many Websites Use Woocommerce in 2022: By the Numbers

Woocommerce is one of the most popular eCommerce platforms in the world. It's used by millions of websites, but how many websites use Woocommerce actually?

www.businessdit.com

Online gambling service FanDuel has also informed customers that their name and email address may have been compromised.

Limited to 133 accounts. Nice try!


Blockchain and cryptocurrency companies like Solana Foundation, Yuga Labs was also hit. More info here:

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers | SecurityWeek.Com

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and Solana Foundation.

www.securityweek.com