Mailchimp has suffered another breach: threat actors accessed the data of 133 customers after gaining access to the company's account admin tool and internal customer support system.
The attackers obtained employee credentials through a social engineering attack on Mailchimp employees and contractors.
Mailchimp detected an unauthorized person accessing its support tools on January 11th and took immediate action against the attacker.
Mailchimp stated:
“To protect the data of our users in accordance with our policies, we temporarily suspended access to Mailchimp accounts for which we discovered suspicious activity after identifying evidence of an unauthorized actor. On January 12, less than 24 hours after discovering that all affected accounts had been compromised, we contacted the primary contact of each account.”
As part of its investigation, the company is taking further steps to protect the platform. However, it is not discussing those actions publicly, for operational security reasons.
The company has been in direct contact with its users to:
- Restore their accounts to their original status
- Answer questions
- Ensure that they receive any additional support that they may require
You may contact the company through the following official email if you have questions regarding the incident or the notice you received:
The company also apologized for the uncertainty the incident has caused:
“We know that incidents like this can cause uncertainty, and we’re deeply sorry for any frustration.”
The company also affirmed that, throughout the investigation, it will continue to provide timely and accurate information to all affected account holders and will monitor the situation closely.