Mailchimp has confirmed a data breach after malicious hackers compromised an internal company tool to gain access to customer accounts.
The company became aware of the intrusion on March 26 after it identified a malicious actor accessing a tool used by the company's customer support and administration account teams. The attacker gained access through a successful social engineering attack, which exploits human error and uses manipulation techniques to obtain private information, access, or valuables.
We took steps to prevent additional employees from being affected by the situation, and we terminated access to the compromised employee accounts.
The company said that hackers viewed approximately 300 Mailchimp accounts and successfully exported audience data from 102 of them. The hackers targeted customers in the finance and cryptocurrency sectors, according to Mailchimp. The threat actors also gained access to an undisclosed number of customer accounts, which could have allowed them to send spoofed emails; that access has since been disabled and can no longer be used. Mailchimp has received some reports of the hackers using information obtained from user accounts to send fraudulent campaigns to those customers' contacts.
When we become aware of unauthorized account access, we notify the account owner and immediately suspend any further access.
We wanted to know what additional security measures Mailchimp is taking to prevent future attacks.
Bleeping Computer first reported the incident over the weekend. Trezor then issued a statement saying that its users had been targeted with fraudulent emails as a result of the hack at Mailchimp. If the malicious emails' payload had been installed, it could have allowed hackers to steal customers' money.
Mailchimp wouldn't say how many other services or financial institutions were affected by the incident.