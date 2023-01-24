scorecardresearch
Tuesday, Jan 24, 2023
Advertisement

Mailchimp suffers social engineering attack, says breach exposed customer data

Bad actors gained access to information from as many as 133 Mailchimp accounts.

mailchimp logo featuredThis attack follows another similar one from last year (Express photo)
Listen to this article
Mailchimp suffers social engineering attack, says breach exposed customer data
x
00:00
1x 1.5x 1.8x

Mass email and marketing automation platform Mailchimp has confirmed that it was hacked on January 11, with bad actors gaining access to information from 133 accounts. The data can potentially be used to send account owners unsolicited ads or targeted phishing attacks.

The company said in a blog post that its security team detected an “unauthorised actor” accessing one of its internal tools used by Mailchimp customer-facing teams for customer support and account administration. This actor had conducted a social engineering attack on Mailchimp employees, obtaining access to Mailchimp accounts using employee credentials compromised in that attack.

Social engineering attacks defer from outright hacking as they do not exploit technical vulnerabilities. Instead, bad actors deceive employees to give up confidential data through psychological manipulation.

Also Read |ChatGPT can be used to write phishing emails, malicious code, warn security experts

Those 133 accounts could comprise mailing lists so the email addresses of many more customers may have been obtained by the bad actors. Open source e-commerce platform, WooCommerce, was one of those accounts. In a note to customers, the e-commerce giant said it was notified by Mailchimp that the breach may have exposed the names, email addresses, and store web addresses of its customers. However, customer passwords are reportedly still safe.

Subscriber Only Stories
View All
Upendra Singh Kushwaha and Nitish Kumar: A long love-hate relationship
Upendra Singh Kushwaha and Nitish Kumar: A long love-hate relationship
For tech companies, years of easy money yield to hard times
For tech companies, years of easy money yield to hard times
Delhi Confidential: Bollywood stars laud PM for naming Andaman & Nico...
Delhi Confidential: Bollywood stars laud PM for naming Andaman & Nico...
Made in Chanpatia: Migrants now entrepreneurs at Start-up Zone
Made in Chanpatia: Migrants now entrepreneurs at Start-up Zone

Market and consumer data specialist Statista on Monday also sent out an email to customers saying that name and email details had been exposed in the breach, though no password information was stolen.

Mailchimp says that “there is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.” The company wasn’t particular about the kind of data that was stolen with the breach in its note. But considering that Mailchimp is usually only responsible for sending newsletters and promo emails, it’s likely that the bad actors did not make away with sensitive account details and phone numbers.

Also Read |A look at the most common types of WhatsApp scams and how to avoid them

“After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data. We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery,” says the company in its statement concerning the hack.

Advertisement

This isn’t the first time Mailchimp has been breached. The email marketing service was a victim of a similar social engineering attack last August where bad actors obtained credentials of the company’s customer support staff, gaining access to Mailchimp’s internal tools.

© IE Online Media Services Pvt Ltd
First published on: 24-01-2023 at 14:26 IST
Next Story

Shah Rukh Khan gives a philosophical answer as fan asks the view from the top: ‘The edge I stand on is very small’

Follow us on Telegram Never miss a story from The Indian Express. Join our Telegram channel
Follow Now
Latest Comment
Post Comment
Read Comments
Advertisement

More Tech
Advertisement

Photos

Lunar Eclipse 2022 images: Pictures of the last total lunar eclipse for next three years
Best of Express
Must Read
Advertisement
Jan 24: Latest News
Advertisement
close