The important thing to realize about the recently reported data breach at email newsletter service Mailchimp is that it wasn’t just Mailchimp’s customer data at risk.
Even if you’re not personally a Mailchimp customer, or have never heard of Mailchimp, you may be affected.
Customers of sportsbook and betting website FanDuel should be starting to notice this, as they received warnings earlier this month that their names and email addresses had been exposed.
Part of the email looks like this:
We recently received reports from a third-party technology vendor that sends transactional emails on behalf of clients like FanDuel that a security breach had occurred within their system, affecting multiple clients. On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses had been obtained by unauthorized actors. No customer passwords, financial account information, or other personal information was obtained in this incident.
While no personal information other than your name and email address was involved, we encourage all customers to take 4 important steps to protect their FanDuel account and keep playing safely and securely.
Claiming FanDuel was hacked is not accurate. Instead, FanDuel, like many other companies, outsourced its newsletter management to Mailchimp. In other words, FanDuel made Mailchimp responsible for handling its newsletter subscriber database and sending emails on its behalf.
That is all fine and dandy, provided Mailchimp sends the emails properly and secures the details of those subscribers.
Unfortunately, Mailchimp didn’t do that (and not for the first time…).
As such, FanDuel found itself in the embarrassing position of contacting customers exposed by the compromise and warning them that, even though their passwords, financial information, etc. were not exposed, their names and email addresses are now in the hands of cyber criminals.
And, should they wish, these criminals can craft convincing phishing emails to trick unsuspecting users into revealing passwords and other details.
We encourage FanDuel customers to exercise caution. Enable two-factor authentication (2FA) on your FanDuel account.
I think FanDuel and other companies affected by the Mailchimp data breach are pretty upset about their reputation being damaged by Mailchimp’s lax security.
Notifications to affected customers, like FanDuel’s, do not mention that Mailchimp was the company that let the side down.
But it was Mailchimp.
So now you know.
Did you find this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.