Heimdal

MailChimp announced that it has fallen victim to a social engineering attack that threat actors successfully carried out against the company's employees and contractors.

Hackers managed to obtain employee credentials and gain access to an internal customer support and account administration tool. The attack affected the data of 133 customers.

MailChimp detected the attack on January 11th, after discovering that an unauthorized person had accessed their support tools.

No Financial Data Revealed

Customers were notified on January 12th that their accounts had been breached, less than 24 hours after the attack was discovered. As the investigation is still ongoing, MailChimp has chosen, for safety reasons, not to reveal further details about the attack or the measures taken to mitigate its impact.

According to the company, customers' most sensitive data is still safe:

"While we do not share customer information as a matter of course, we can share that no credit card or password information was compromised as a result of this incident."

It appears that the information obtained by hackers only includes names, store URLs, addresses, and email addresses, which are still enough for threat actors to launch phishing attacks.

WooCommerce Is Among the Victims of the Cyberattack

The widely used WooCommerce eCommerce plugin for WordPress is one of the victims. Its customers were notified that their names, store URLs, addresses, and emails were exposed as a result of the MailChimp breach. According to WooCommerce, no sensitive information, such as passwords and payment data, was leaked.

This is the second time in the last half of the year that MailChimp has been breached. A similar attack succeeded in August 2022, when the company's employees were tricked through phishing techniques. As a result, hackers gained access to 214 MailChimp accounts, but at that time they went after cryptocurrency-related customers.

Edge Wallet, Cointelegraph, NFT creators, Ethereum FESP, Messari, and Decrypt were some of the customers affected by the August MailChimp data breach.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
