Mailchimp says it was hacked, again
Hacked, again
Mailchimp, a company that specializes in email marketing and newsletters, has announced that it was hacked and that dozens of customers’ data was exposed. This is the second time the company has been hacked in the past six months, with the current incident being almost identical to the previous one.
The company says that its security team detected an intruder on January 11th accessing one of its internal tools used by Mailchimp customer support and account administration.
The hacker targeted Mailchimp’s employees and contractors with a social engineering attack, in which they used manipulation techniques to gain private information, like passwords.
133 Customer accounts compromised
The hacker then used those compromised employee passwords to gain access to data on 133 Mailchimp accounts, whose owners the company notified of the intrusion. One of the targeted accounts belongs to e-commerce giant WooCommerce.
While WooCommerce states that there is no indication that the stolen data has been misused, threat actors commonly use this type of data for targeted phishing attacks to steal credentials or install malware.
Mailchimp’s response
The marketing company confirmed that this data was being used in phishing emails but declined to share more information about the attacks.
It is not immediately clear who, if anyone, is responsible for cybersecurity at Mailchimp following the departure of its chief information security officer.
Source: techcrunch.com