Tweet
Top email marketing firm MailChimp has suffered a data breach after hackers managed to steal login credentials from its employees.
The company confirmed the news in a notification sent out to affected customers, noting that threat actors pulled off a successful social engineering attack against its employees and contractors, giving them access to internal customer support and account administration tools.
MailChimp said it spotted the suspicious activity on January 11, and quickly suspended access to the affected accounts.
[HEADING=1]More than a hundred victims[/HEADING]
āAfter we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our usersā data,ā the company said in the announcement. āWe notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery.ā
Further investigation uncovered that a total of 133 customers were affected by the breach, including a popular WordPress plugin, WooCommerce eCommerce.
WooCommerce sent out a warning to its users, saying while names, store URLs, addresses, and email addresses were most likely accessed, payment data, passwords, or other sensitive data were not. The company also said there is no evidence at the moment that the attackers are using the obtained information. Still, this type of data rarely doesnāt get utilized, as itās a powerful weapon in phishing attacks, business email compromise attacks, and other identity theft attacks.
Read more
This is not the first time MailChimpās filled headlines for all the wrong reasons. In April 2022, the company announced a data breach, with attackers getting away with more than a hundred mailing lists. The mailing lists were later used to target people with phishing attacks, in an attempt to steal their money and cryptocurrency holdings.
With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported āaudience dataā, including mailing lists from 102 customer accounts.
They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.
One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor.
[ul]
[li]Here are the best firewalls right now[/li][/ul]
Via: BleepingComputer
Continue readingā¦
The company confirmed the news in a notification sent out to affected customers, noting that threat actors pulled off a successful social engineering attack against its employees and contractors, giving them access to internal customer support and account administration tools.
MailChimp said it spotted the suspicious activity on January 11, and quickly suspended access to the affected accounts.
[HEADING=1]More than a hundred victims[/HEADING]
āAfter we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our usersā data,ā the company said in the announcement. āWe notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery.ā
Further investigation uncovered that a total of 133 customers were affected by the breach, including a popular WordPress plugin, WooCommerce eCommerce.
WooCommerce sent out a warning to its users, saying while names, store URLs, addresses, and email addresses were most likely accessed, payment data, passwords, or other sensitive data were not. The company also said there is no evidence at the moment that the attackers are using the obtained information. Still, this type of data rarely doesnāt get utilized, as itās a powerful weapon in phishing attacks, business email compromise attacks, and other identity theft attacks.
Read more
MailChimp breach exposes hundreds of customer accounts
Mailchimp parent hit with lawsuit over cybersecurity ānegligenceā
Check out the best endpoint protection services right now
Mailchimp parent hit with lawsuit over cybersecurity ānegligenceā
Check out the best endpoint protection services right now
With the stolen credentials, the attackers accessed 319 MailChimp accounts and exported āaudience dataā, including mailing lists from 102 customer accounts.
They also accessed API keys (now defunct) from an unknown number of customers. With the keys, the attackers can create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.
One of the companies whose customers were targeted with a phishing attack was hardware crypto wallet company Trezor.
[ul]
[li]Here are the best firewalls right now[/li][/ul]
Via: BleepingComputer
Continue readingā¦