Mailchimp is one of the world’s largest email marketing and newsletters providers. In a statement, Mailchimp said that it was the victim of a major hack and that tens of millions of customer data was exposed. This breach is similar to another one that occurred back in June, which leaked personal information on nearly 50 million users. Officials aren’t sure if the two incidents are related, but they are investigating. If you were a customer who used Mailchimp in the past, you should probably worry about whether your information was included in this mess.
Mailchimp said in an unattributed blog post that its security team detected an intruder on January 11 accessing one of its internal tools used by Mailchimp customer support and account administration, though the company did not say for how long the intruder was in its systems or what information he or she accessed. With a social engineering attack, someone uses manipulation techniques by phone, email or text to gain private information like passwords. The hacker then used those compromised employee passwords to gain access to data on 133 Mailchimp accounts, which the company notified of the intrusion.
Mailchimp said that it was notified by WooCommerce a day later that the breach may have exposed the names, store web addresses, and email addresses of its customers. However, no customer passwords or other sensitive data was taken.
Mailchimp has become a very popular email marketing service used by WooCommerce, which builds and maintains popular open-source e-commerce tools for small businesses. WooCommerce is said to have more than five million customers using Mailchimp to send emails to their customers.
Mailchimp has been the victim of a spate of social engineering attacks in recent months, which have compromised the credentials of its customer support staff. This allows intruders access to Mailchimp’s internal tools and potentially their data. DigitalOcean had its account compromise in one such attack, and harshly criticized Mailchimp for their handling of the incident.
Mailchimp is a popular email marketing service used by businesses of all sizes. Earlier this year, Mailchimp announced that their systems had been hacked, and over 2 million usernames and passwords had been stolen. The company has since implemented additional security measures, but it’s still not clear if they were effective. It’s also troubling that Mailchimp wasn’t able to prevent this breach in the first place- their systems were clearly not sufficiently protected
No one is sure who is responsible for cybersecurity at Mailchimp following the departure of its chief information security officer Siobhan Smyth shortly after the August breach. It’s possible that Intuit, which bought Mailchimp for $12 billion in 2021, could take on some responsibility, but it’s also possible that Smyth’s successor will need to be more heavily involved in overseeing security measures. Regardless of who ultimately takes on responsibility, it appears that Mailchimp’s cyber defenses were not up to par following the attack.
