Mailchimp Hacked for a Second Time in Six Months

On January 11, the Mailchimp Security team identified an unauthorized actor who had accessed one of the company’s tools used by customer-facing teams for customer support and account administration.

Mailchimp has said that the incident impacted 133 Mailchimp accounts

The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors and obtained access to select Mailchimp accounts using employee credentials that were compromised in that attack.

According to Mailchimp, the targeted incident has been limited to 133 Mailchimp accounts, and there’s no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.

After identifying the unauthorized actor, Mailchimp temporarily suspended access to accounts where suspicious activity was detected to protect users’ data.

Mailchimp notified the primary contacts for all affected accounts on January 12, less than 24 hours after the initial discovery. That afternoon, the company sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely.

Since then, Mailchimp has been working with users directly to help them reinstate their accounts, answer questions, and provide any additional support they need.

For the Second Time in Six Months, Mailchimp Is Hacked

Twitter user Armin shared the email from WooCommerce, one of Mailchimp’s customers affected by the data breach. The email reads,

On January 12, 2023, we were notified about an unauthorized breach of Mailchimp, a communications tool WooCommerce uses to send emails to customers.

The email went on to say,

This breach may have resulted in some of the information you’ve shared with us, including your name, store URL, address, and email address, being exposed. No payment data, passwords, or sensitive security information is part of this breach.

If this is giving you déjà vu, it’s because, basically, the same hack happened in August 2022. At that time, Mailchimp said that 214 accounts had been affected and that they had implemented additional security measures.

Mailchimp has apologized for any frustration caused by the incident and is continuing its investigation. The company will be providing impacted account holders with timely and accurate information throughout the process.

If anyone has any questions regarding a notice they received or the incident in general, they can reach out to [email protected].

About James Capell

Technical editor and journalist. I have a particularly strong interest in NLP, AI ethics and cyber crime. Not too fond of cats.