Mailchimp Hacked for a Second Time in Six Months
On January 11, the Mailchimp Security team identified an unauthorized actor who had accessed one of the company’s tools used by customer-facing teams for customer support and account administration.
The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors and obtained access to select Mailchimp accounts using employee credentials that were compromised in that attack.
According to Mailchimp, the targeted incident has been limited to 133 Mailchimp accounts, and there’s no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.
After identifying the unauthorized actor, Mailchimp temporarily suspended access to accounts where suspicious activity was detected to protect users’ data.
Mailchimp notified the primary contacts for all affected accounts on January 12, less than 24 hours after the initial discovery. That afternoon, the company sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely.
Since then, Mailchimp has been working with users directly to help them reinstate their accounts, answer questions, and provide any additional support they need.
For the Second Time in Six Months, Mailchimp Is Hacked
Twitter user Armin shared the email from WooCommerce, one of Mailchimp’s customers affected by the data breach. The email reads,
The email went on to say,
If this is giving you déjà vu, it’s because, basically, the same hack happened in August 2022. At that time, Mailchimp said that 214 accounts had been affected and that they had implemented additional security measures.
Mailchimp has apologized for any frustration caused by the incident and is continuing its investigation. The company will be providing impacted account holders with timely and accurate information throughout the process.
If anyone has any questions regarding a notice they received or the incident in general, they can reach out to [email protected].