BT Academy
Thursday, November 21, 2024
BT Academy

@2022 - All Right Reserved. Designed and Developed by PenciDesign

Home Cyber Security Mailchimp slips up again, suffers security breach after falling on social engineering banana skin • Graham Cluley
Cyber Security

Mailchimp slips up again, suffers security breach after falling on social engineering banana skin • Graham Cluley

by BlueTrainingAcademy
written by 0 comment 0 views
0 FacebookTwitterPinterestEmail

For the second time in less than a year, email newsletter service Mailchimp found itself in an embarrassing position. Admitting a Data Breach.

According to Mailchimp, a social engineering attack successfully tricked Mailchimp employees and contractors into giving up their login credentials. These details were used by the hackers to access his 133’s Mailchimp account.

Mailchimp said it contacted all affected account holders on January 12, less than 24 hours after the security breach was discovered.

e-mailsign up for newsletter
Security news, advice and tips.

One of Mailchimp’s customers that appeared to be affected was WooCommerce, the maker of a popular WordPress plugin for companies that run online stores.

Woocommerce email
Woocommerce warns subscribers that Mailchimp has been compromised

WooCommerce has reached out to affected users to warn them that some of their personal information has been exposed.

  • their name
  • Online store URL
  • their address
  • e-mail address

Such information can obviously be misused by attackers, such as in phishing attacks.No doubt WooCommerce and other Mailchimp users are using their Own Mailchimp security mistake puts customers at risk.

Mailchimp is no stranger to security breaches.

March 2022, Mailchimp discovered It was discovered that the attackers had access to tools used by customer support teams and were able to gain access to 300 client accounts and steal subscriber data from 102 of them.

Mailchimp customers who worked in the cryptocurrency and financial sectors found their accounts targeted on the occasion and sent unsuspecting newsletter subscribers compelling (but malicious) emails. Scammers have opened the opportunity to send

Then, similar to recent breaches, the attackers used social engineering to trick Mailchimp workers into handing over their login credentials.

Mailchimp seems to have acted relatively quickly in this case, but I’m not sure if they’ve taken enough steps to lock down access to their internal tools and ensure that only truly authorized people have access. There will undoubtedly be questions about.

Did you find this article interesting? Follow Graham Cluley on Twitter Also Mastodon To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst, makes regular media appearances and gives international lectures on computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyfor Mastodon @[email protected]or drop him an email.

Tags: bananabreachCluleyEngineeringfallingGrahamMailchimpSecurityskinslipsSocialsuffers
0 FacebookTwitterPinterestEmail
cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Security Training

Top 10 Qualities Of Effective Security Guards That Make Them Stand Out
How To Stay In Shape While Working As A Newly Hired Security Guard?
Things No One Will Tell You To Become A Successful Private Patrol Guard
5 Things Security Guards Should Keep In Mind When Conducting Site Tours
Proven Ways To Reduce No-Shows Using Guardso Guard Tour Software

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Related Posts

Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique

How to write a killer pentest report • Graham Cluley

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Local Governments Targeted for Ransomware – How to Prevent Falling Victim

New Variant of AsyncRAT Malware Spreading Through Pirated Software

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

Tech support scammers trick victims into old-school offline money transfer

Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

Boris Johnson’s WhatsApps, and sextorting party girls • Graham Cluley

How to Manage Your Attack Surface?

Security Videos

Doctor Checkup for Kids – Types of Doctors...
chill out & romanticize your CURRENT reality #selfawareness...
Hacker, IT-Forensiker oder doch Consultant? 5 IT-Security Berufe...
Data matters! Do Security Training Better
cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Facebook Twitter Youtube Twitch

Editors' Picks

🎊🎉Discovering the power of self-awareness 🌟 #shorts #thinkbig
🌸 Self Awareness
🔴 November 17's Top Cyber News NOW! –...
🦋 Happiness : Just Be 🦋 Self Awareness

Copyright ©️ All rights reserved. | Blue Training Academy Blog