Mailchimp, a popular email marketing and newsletter service, has revealed yet another security breach that allowed threat actors to access internal support and account management tools to obtain information about 133 customers. bottom.
According to the Intuit-owned company, “unauthorized attackers conducted social engineering attacks against Mailchimp employees and contractors, using the compromised employee credentials in the attacks to target Mailchimp of choice. You have obtained access to your account.”
The development was first reported by TechCrunch.
Mailchimp said it identified the revocation on January 11, 2023, and said it had no evidence that an unauthorized party had compromised Intuit systems or other customer information outside of 133 accounts.
It further states that the primary contact for all affected accounts was notified within 24 hours and has since assisted those users in regaining access to their accounts.
However, the Atlanta-based company has not disclosed how long the intruder remained on the system and the exact type of information accessed.
However, one of the compromised accounts, WooCommerce, exposed user names, store URLs, addresses, and email addresses in the incident, but not payment data, passwords, and other sensitive information. said there wasn’t.
In the past year alone, Mailchimp has suffered two separate breaches. The first breach involved malicious actors gaining unauthorized access to her 319 customer accounts in April 2022 for the purpose of conducting a crypto-phishing scam.
Then, in August 2022, 216 customer accounts were compromised in another sophisticated social engineering attack orchestrated by a group called 0ktapus (aka Scatter Swine).
