MailChimp Suffers Data Breach Due to Social Engineering Attack
Hackers Gained Access to Data of 133 Customers.
MailChimp announced it has fallen victim to a social engineering attack that threat actors successfully carried out against the company's employees and contractors.
Hackers managed to obtain employee credentials and gain access to an internal customer support and account administration tool. The attack affected the data of 133 customers.
MailChimp detected the attack on January 11th, after discovering that an unauthorized person had accessed their support tools.
No Financial Data Revealed
Customers were notified on January 12th that their accounts had been breached, less than 24 hours after the attack was discovered. As the investigation is still ongoing, for safety reasons MailChimp preferred not to reveal further details on the attack or on the measures they took to mitigate its impact.
According to the company, customers' most sensitive data are still safe:
"While we do not share customer information as a matter of course, we can share that no credit card or password information was compromised as a result of this incident."
It appears that the information obtained by hackers only includes names, store URLs, addresses, and email addresses, which are still enough for threat actors to launch phishing attacks.
WooCommerce Is Among the Victims of the Cyberattack
The widely used WooCommerce eCommerce plugin for WordPress is one of the victims. Their customers were notified that their names, store URLs, addresses, and emails were exposed as a result of the MailChimp breach. According to WooCommerce, no sensitive information, such as passwords and payment data, was leaked.
#Woocommerce Users receive this from a noreply email address as an information of a data #breach at #Mailchimp. #privacy #malware #dataprotection #itsecurity pic.twitter.com/O9AmA2cyBu
— Armin (@Arm_i_n) January 18, 2023
For MailChimp, this is the second breach in the last half of the year. Another similar attack was successfully performed in August 2022, when the company's employees were tricked through phishing techniques. As a result, hackers gained access to 214 MailChimp accounts, but at that time they went for cryptocurrency-related customers.
Edge Wallet, Cointelegraph, NFT creators, Ethereum FESP, Messari, and Decrypt were some of the customers affected by the August MailChimp data breach.