Mailchimp Reports a Data Breach Incident

This is the firm's second hacking incident, and it appears identical to last year's.

A view of the Mailchimp display at the Fast Company Innovation Festival - Day 1 on November 05, 2019 in New York City. Brad Barket/Getty Images for Fast Company

Mailchimp has reportedly been hacked, exposing the personal information of dozens of its users.

This is the second time the organization has been attacked by hackers. Unfortunately, this hack seems to be quite similar to the one that occurred last year.

Another Hack Incident

Mailchimp is a widely used platform for sending out newsletters and emails. Last Friday, Jan. 13, the company confirmed the most recent hack in its system, as first spotted by TechCrunch.

In an unnamed blog post, Mailchimp said its security team discovered an intruder using one of its internal tools for customer assistance and account management on Jan. 11. The firm did not specify how long the hacker had been in the system.

According to Mailchimp, a hacker used social engineering to gain access to its systems. This technique is an attempt to obtain sensitive information by deceiving an organization's own workers or contractors.

Employee credentials were obtained, and the hacker used them to access 133 Mailchimp accounts. The firm has now informed the affected users.

Among the companies whose accounts were hacked is WooCommerce, a major player in the online retail industry.

Affected Client

WooCommerce wrote a letter to customers, saying it had learned from Mailchimp that the breach may have revealed customers' names, store web URLs, and email addresses. However, the company claimed that no user passwords or other personal data had been stolen.

WooCommerce uses Mailchimp to send out emails to its clients. WooCommerce is an open-source platform that develops and maintains e-commerce technologies for small enterprises. It reportedly has more than five million users.

Previously Reported Breach

If this all seems familiar, it is because this is not the first time it has happened to Mailchimp.

In April of last year, Mailchimp said that the company had been the target of a social engineering assault that stole the credentials of its customer care workers, allowing the intruder access to Mailchimp's internal tools. Some 214 Mailchimp accounts had their data stolen in that hack, most of them associated with the financial sector or crypto.

DigitalOcean, a leading cloud provider, has said that the issue affected an account it controls and has sharply criticized Mailchimp's response to the incident.

At the time, Mailchimp said it had installed an extra set of strengthened security measures, but the company would not elaborate on what those actions were.

TechCrunch said it is unclear if Mailchimp correctly deployed those upgraded precautions or whether they failed, given the near-identical nature of the most recent breach and the previous one.

Because of the resignation of Mailchimp's chief information security officer Siobhan Smyth soon after the hack last year, it is unknown who, if anybody, is now in charge of the company's cybersecurity.

Trisha Andrada
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.