For the second time in recent months, email marketing firm Mailchimp found itself the target of a cyberattack. The breach occurred after hackers compromised a tool used by the company’s customer support and account administration teams, which led to the exposure of dozens of customers’ data.
In an event that is reminiscent of the data breach it suffered last year, the email marketing and newsletter service said that its security team detected an unauthorized actor accessing one of its internal tools on January 11. The tool was used by the firm’s customer support and account administration teams, and once it was compromised, the threat actors were able to access the accounts of dozens of business customers – 133, to be precise.
The breach that occurred in its systems last year was almost identical, as hackers had used the same methods to gain access to customer accounts back then, which makes one wonder whether Mailchimp had adequately worked on the chinks in its armor after all. According to the blog post by the Intuit-owned Mailchimp, its security team detected the intruder in its systems on January 11, but the post did not mention how long the unauthorized actor had been accessing its internal tool. Just like the cyberattack last year, the hacker conducted a social engineering attack that targeted the firm’s employees and contractors, then used employee credentials compromised in that attack to obtain access to select Mailchimp accounts.
Mailchimp temporarily suspended account access for Mailchimp accounts once it detected suspicious activity and notified the primary contacts for all affected accounts on January 12, but by then it was too late. “Our investigation into the matter is ongoing and includes identifying measures to further protect our platform. For operational security reasons we are not publicly commenting on actions we are taking,” the service said.
For those who are unaware, social engineering attacks psychologically manipulate people to gain access to their private information, such as passwords.
The attack resulted in the hacker gaining access to the data on 133 Mailchimp accounts, including that of e-commerce player WooCommerce. The open-source e-commerce plugin said in a note to customers that the breach may have resulted in the exposure of the names, store web addresses, and email addresses of its customers. It assured customers that no customer password, payment data, or other sensitive information had been taken, and that their data was safe.
“We have confirmed with Mailchimp that your account is secure and follows all security-based practices, and are working with them to better understand the cause of this breach and what they’re doing to prevent similar incidents in the future,” read the note by WooCommerce.