Powered by MOMENTUM MEDIA

Over 100 Mailchimp accounts compromised in social engineering hack

It’s probably a truism that if you’ve been hacked before, you’ll be hacked again eventually, which is something that email marketing company Mailchimp is finding out. This week, the company announced that 133 Mailchimp accounts had been compromised.

And not by malware or ransomware, but by good old-fashioned social engineering.

The incident occurred on 11 January, when Mailchimp’s security bods found someone accessing their tools who was not supposed to be accessing their tools. Whoever it was, Mailchimp reports, seems to have successfully tricked either contractors or employees, potentially both, and got access to the same software used by Mailchimp’s customer support teams.

“There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” according to Mailchimp.

Intuit is Mailchimp’s parent company.

Once the illegal access had been spotted, Mailchimp acted commendably fast. It suspended any account where it had spotted suspicious activity, and notified all affected users within 24 hours of detection.

“That afternoon, we sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely,” Mailchimp said in an announcement. “Since then, we’ve been working with our users directly to help them reinstate their accounts, answer questions, and provide any additional support they need.”

Hopefully, this breach won’t be as potentially costly as a previous incident from April 2022.

Last year, 100 Mailchimp accounts belonging to companies and individuals involved in crypto trading were compromised, which in turn led to a number of successful, and very damaging, phishing attacks.

Following that, a class action suit worth millions of dollars was launched against the company, with the lead plaintiff claiming to have lost about US$82,000.

In that case, it was a phishing attack that compromised Mailchimp’s systems, but clearly the company’s cyber security training still leaves a lot to be desired.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
