MailChimp, a popular email marketing firm, suffered a breach after hackers accessed an internal customer support and account administration tool. The attack, which was first detected January 11th, was conducted through social engineering, allowing the threat actors to access the data of 133 customers.
In response to the breach, MailChimp stated that “no credit card or password information was compromised as a result of this incident” and that the company is “identifying measures to further protect our platform.”
Affected customers include the massively popular WooCommerce eCommerce plugin for WordPress, which sent out emails warning customers of the incident.
This is not the only recent security incident over at MailChimp. In April 2022, Trezor hardware wallet owners began receiving fake data breach notifications prompting customers to download a fake Trezor Suite software that would steal their recovery seeds. MailChimp later confirmed that the breach was more extensive, with 319 MailChimp accounts compromised and data exported from 102 customers. The data was used in phishing emails targeting cryptocurrency-related customers.
But there was a third breach in recent months too! In August 2022, MailChimp was again breached after employees fell for an Okta phishing attack dubbed ‘0ktapus.’ The attack accessed 214 MailChimp accounts, with customers such as Edge Wallet, Cointelegraph, NFT creators, Ethereum FESP, Messari, and Decrypt all affected.
MailChimp has not shared any further details about the attacks, but is continuing to investigate the incidents and says it is in the process of strengthening its security measures. However it is not clear what actions have been taken.