Mailchimp hacked for second time in a year

Email marketing company Mailchimp has confirmed it suffered a second hacking incident in less than a year.
Mailchimp’s security team identified an unauthorised actor accessing one of the tools used by the company’s customer-facing teams for customer support and account administration on 11 January 2023.
Its investigations found that the unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors.
These attacks use manipulation, via phone calls, texts or emails, to convince a target to share details that could let the attacker reach sensitive accounts or systems.
Two of the highest-profile cases of this technique were the 2022 hacks of Uber and Rockstar Games, both supposedly carried out by a 17-year-old from the UK.
An intruder previously accessed 214 Mailchimp accounts through a social engineering attack in March 2022. The company only acknowledged the incident in August 2022.
133 more accounts exposed in latest breach
In the latest attack, the hackers obtained access to “select” Mailchimp accounts using employee credentials compromised through the same technique.
“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts,” the company said.
Mailchimp stated there was “no evidence” that the breach had affected the systems of its parent company Intuit or customer data beyond the Mailchimp accounts compromised.
To protect users’ data, it temporarily suspended access to the affected accounts where suspicious activity was detected.
“We notified the primary contacts for all affected accounts on 12 January, less than 24 hours after the initial discovery,” Mailchimp said.
“That afternoon, we sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely.”
“Since then, we’ve been working with our users directly to help them reinstate their accounts, answer questions, and provide any additional support they need.”
TechCrunch reported that one compromised customer was WooCommerce, which provides open-source e-commerce tools for small businesses and has over 5 million customers.
Mailchimp admitted that an incident of this nature could cause uncertainty and said it was “deeply sorry for any frustration.”
“We are continuing our investigation and will be providing impacted account holders with timely and accurate information throughout the process.”