FanDuel gamblers warned of phishing threat after data breach at Mailchimp • Graham Cluley


The important thing to realize about the (recently) reported data breach at email newsletter service Mailchimp is that it wasn’t just Mailchimp’s customer data at risk.

Even if you’re not personally a Mailchimp customer, and have never heard of Mailchimp, you may be affected.

Customers of sportsbook and betting website FanDuel should have started to notice this, as they received warnings earlier this month that their names and email addresses had been exposed.

Part of an email sent to you by FanDuel

Part of the email looks like this:

We recently received reports from a third-party technology vendor that sends transactional emails on behalf of clients like FanDuel that a security breach had occurred within their system, affecting multiple clients. On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses had been obtained by unauthorized actors. No customer passwords, financial account information, or other personal information was obtained in this incident.

While no personal information other than your name and email address was involved, we encourage all of our customers to take 4 important steps to protect their FanDuel account and keep playing safely and securely.

Claiming FanDuel was hacked is not accurate. Instead, FanDuel, like many other companies, outsourced newsletter management to Mailchimp. In other words, Mailchimp was responsible for handling the newsletter’s subscriber database and sending emails on FanDuel’s behalf.

This is all fine and dandy if Mailchimp is sending emails properly and securing the details of those subscribers.

Unfortunately, Mailchimp didn’t do that (and not for the first time…).

As such, FanDuel found themselves in the embarrassing position of contacting customers exposed by the compromise and warning them that, even though their passwords, financial information, etc. were not exposed, their names and email addresses are now in the hands of cybercriminals.

And, if they wish, these criminals can craft compelling phishing emails to trick unsuspecting users into revealing more information (such as passwords).


We encourage FanDuel customers to stay vigilant and enable Two-Factor Authentication (2FA) on their FanDuel accounts if they haven’t done so already.

I think FanDuel and other companies affected by the Mailchimp data breach are pretty upset about their reputation being damaged by Mailchimp’s lax security.

It was kind of FanDuel, in its notice to affected customers, not to name Mailchimp as the company that let the side down.

But it was Mailchimp.

So now you know.



Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s, when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security analyst, makes regular media appearances and speaks internationally on the topics of computer security, hackers and online privacy. Follow him on Twitter at @gcluley, on Mastodon, or drop him an email.


