Mailchimp, an email marketing service provider, has announced that it has suffered a data breach as a result of a social engineering attack against its employees and contractors.
The company says an unauthorized attacker was able to gain access to selected Mailchimp accounts using the compromised employee’s credentials in the attack.
Mailchimp said the incident was limited to 133 accounts, and there’s no evidence that the breach impacted any other systems or customer data outside of those Mailchimp accounts. The newsletter giant temporarily suspended account access for a user his Mailchimp account where suspicious activity was detected in order to protect his data.
mailchimp is apologized Regarding the incident, it said it was working directly with users to help recover their accounts, answer questions, and provide any additional support they needed. The company is also continuing its investigation and is providing affected account holders with timely and accurate information throughout the process.
The company urges users to contact ciso@mailchimp.com if they have any questions regarding this incident.
According to Patrick Lagg, Cyber Incident Response Manager at Integrity360hacking is a reminder that social engineering attacks can be very effective, and it is important that companies have appropriate security protocols in place and employees are aware of these types of attacks. am.
“Phishing emails remain the most successful initial access method for compromise, so it’s not good for companies whose business is based on email marketing to be compromised,” Wragg said. Information security on mail.
“Perhaps what makes this even more interesting is that we confirmed that Mailchimp was compromised by the phishing/social engineering campaign itself. Education and awareness are still important, even with phishing emails.”
Breached less than a year after Mailchimp got another hack April 2022.
