For the second time in less than a year, email newsletter service Mailchimp found itself in an embarrassing position. Admitting a Data Breach.
According to Mailchimp, a social engineering attack successfully tricked Mailchimp employees and contractors into giving up their login credentials. These details were used by the hackers to access his 133’s Mailchimp account.
Mailchimp said it contacted all affected account holders on January 12, less than 24 hours after the security breach was discovered.
One of Mailchimp’s customers that appeared to be affected was WooCommerce, the maker of a popular WordPress plugin for companies that run online stores.
WooCommerce has reached out to affected users to warn them that some of their personal information has been exposed.
- their name
- Online store URL
- their address
- e-mail address
Such information can obviously be misused by attackers, such as in phishing attacks.No doubt WooCommerce and other Mailchimp users are using their Own Mailchimp security mistake puts customers at risk.
Mailchimp is no stranger to security breaches.
March 2022, Mailchimp discovered It was discovered that the attackers had access to tools used by customer support teams and were able to gain access to 300 client accounts and steal subscriber data from 102 of them.
Mailchimp customers who worked in the cryptocurrency and financial sectors found their accounts targeted on the occasion and sent unsuspecting newsletter subscribers compelling (but malicious) emails. Scammers have opened the opportunity to send
Then, similar to recent breaches, the attackers used social engineering to trick Mailchimp workers into handing over their login credentials.
Mailchimp seems to have acted relatively quickly in this case, but I’m not sure if they’ve taken enough steps to lock down access to their internal tools and ensure that only truly authorized people have access. There will undoubtedly be questions about.