After hackers gained access to an internal customer assistance and account management tool, the email marketing company MailChimp had another breach that gave threat actors access to the information of 133 customers.
According to MailChimp, the attackers used social engineering to trick contractors and workers of the company by giving them access to employee login information. The hack was initially discovered on January 11, when MailChimp discovered an unauthorized user using their support resources.
“After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data,” per a statement about the security incident. “We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery.”
While MailChimp does not routinely divulge client information, they can confirm that no credit card or password information was exposed due to this incident. It was their answer to inquiries regarding the breach. They are still looking into the situation, and part of their research is developing ways to secure their platform further. They are not making public comments about their activities due to operational security concerns.
One of the victims of this hack is the hugely popular WooCommerce eCommerce plugin for WordPress, as was first reported by TechCrunch. Customers have received emails from WooCommerce informing them that their names, store URLs, addresses, and email addresses were exposed due to the MailChimp hack. Even though threat actors frequently exploit this kind of information for targeted phishing attacks to steal passwords or install malware, WooCommerce claims that there is no evidence that the stolen data has been abused.
Owners of Trezor hardware wallets started getting phony data breach warnings in April 2022, which prompted users to download a bogus version of the Trezor Suite software that would steal their recovery seeds. The email list employed in this phishing attempt was a Trezor mailing list obtained in a MailChimp hack, Trezor stated on Twitter.
Later, MailChimp acknowledged that the breach was more serious. As a result of staff falling for a social engineering trick, threat actors gained access to 319 MailChimp accounts and could export the data of 102 clients. The marketing business acknowledged that this information was used in phishing emails but would not provide details on the cyberattacks.
A second breach of MailChimp occurred in August 2022 due to staff members falling for the ‘0ktapus’ Okta phishing scam. MailChimp informed the media at the time that threat actors gained access to 214 MailChimp accounts, concentrating on those interested in cryptocurrencies. The August incident impacted customers, including Edge Wallet, Cointelegraph, NFT developers, Ethereum FESP, Messari, and Decrypt.