Mailchimp has reportedly been hacked, exposing the personal information of dozens of its users.
This is the second time the organization has been attacked by hackers. Unfortunately, this hack seems to be quite similar to the one that occurred last year.
Another Hack Incident
Mailchimp is a widely used platform for sending out newsletters and emails. Last Friday, Jan. 13, the company confirmed the most recent hack in its system, as first spotted by TechCrunch.
In an unnamed blog post, Mailchimp said its security team discovered an intruder using one of its internal tools for customer assistance and account management on Jan. 11. The firm did not specify how long the hacker had been in the system.
According to Mailchimp, a hacker used social engineering to gain access to its systems. This technique is an attempt to obtain sensitive information by deceiving an organization's own workers or contractors.
Employee credentials were obtained, and the hacker exploited them to access 133 Mailchimp accounts. The firm has now informed its users of the breach.
Among the companies whose accounts were hacked is WooCommerce, a major player in the online retail industry.
Affected Client
WooCommerce wrote a letter to customers, saying it had learned from Mailchimp that the breach may have revealed customers' names, store web URLs, and email addresses. However, the company claimed that no user passwords or other personal data had been stolen.
WooCommerce uses Mailchimp to send out emails to its clients. WooCommerce is an open-source platform that develops and maintains e-commerce technologies for small enterprises. It reportedly has more than five million users.
Previously Reported Breach
If this all seems familiar, it is because this is not the first time it has happened to Mailchimp.
In April of last year, Mailchimp said that the company had been the target of a social engineering attack that stole the credentials of its customer care workers, allowing the intruder access to Mailchimp's internal tools. Some 214 Mailchimp accounts had their data stolen in that hack, most of them associated with the financial sector or crypto.
DigitalOcean, a leading cloud provider, has said that the issue affected an account it controls and has sharply criticized Mailchimp's response to the incident.
At the time, Mailchimp said it had installed an extra set of strengthened security measures, but the company would not elaborate on what those actions were.
TechCrunch said it is unclear if Mailchimp correctly deployed those upgraded precautions or whether they failed, given the near-identical nature of the most recent breach and the previous one.
Because Mailchimp's chief information security officer, Siobhan Smyth, resigned soon after the hack last year, it is unknown who, if anybody, is now in charge of the company's cybersecurity.