Cybercriminals strike again: Mailchimp faces a second attack in half a year, affecting 133 customer accounts

The social-engineering attack bears a resemblance to August's attack on crypto-sector customers.


In a recent security incident disclosed on Tuesday, Mailchimp, the popular email marketing service, revealed that an unauthorized export of customer data occurred on one of its accounts. The specific organisation affected by the data breach, however, was not explicitly named in the initial announcement.

The incident, which took place on January 10, saw an unauthorized actor gain access to a company tool used for customer support and account administration. As a result, 133 customer accounts were compromised following a social-engineering attack.

Fantom, a smart contract platform, and WooCommerce, an e-commerce platform, were both impacted by this breach. Fantom collects email addresses, some names, location information (latitude and longitude), and information about where emails were opened, including the country or region, on a small number of customer accounts. WooCommerce, on the other hand, was not affected in terms of store or customer data hosted by the platform.

In response to the incident, Mailchimp temporarily suspended accounts with suspicious activity on January 12. They subsequently notified the primary contacts on the customer accounts about the compromise on the same day.

Despite the ongoing investigation, Mailchimp is yet to confirm whether the actor actually downloaded the data from the affected accounts. The spokesperson for Mailchimp declined to comment on social media posts and customer emails indicating compromise during the attack.

Ant Allan, VP analyst at Gartner, has attributed the repeated attacks on Mailchimp to an over-reliance on passwords as the sole authentication method. He emphasized that Multi-Factor Authentication (MFA) is no longer a best practice approach; it is now a minimum good practice.

It is worth noting that no credit card or password information was compromised in this incident. The impact of the attack on WooCommerce did not affect any data stored by WooCommerce.com or WordPress.com.

This is the second attack against Mailchimp since August, during which at least 214 user accounts were impacted. Stolen credentials are identified as the major cause of data breaches, according to Ant Allan.

On January 13, WooCommerce was notified about the attack, and Mailchimp began to contact customers to reinstate those accounts on Tuesday. The compromise did not affect Intuit's systems or customer data beyond the Mailchimp accounts.

Mailchimp's investigation into the matter remains ongoing. The company is yet to determine the full extent of the data breach and is working diligently to ensure the security of its users' data.
