Email addresses of some users were exposed, according to cloud behemoth DigitalOcean, due to a recent "security incident" at Mailchimp.
Mailchimp Keeps Quiet on the Security Breach
A recent but undated incident saw threat actors target data and information from "crypto-related companies" using phishing and social engineering tactics, according to a blog post from email marketing provider Mailchimp on Aug. 12.
A company representative told TechCrunch that the incident had an impact on 214 Mailchimp accounts.
Mailchimp is holding additional information, but DigitalOcean, which has acknowledged it was also a victim of the attack, is not.
DigitalOcean Shared More Details About the Attack
Customers of DigitalOcean are being warned that a recent MailChimp security breach revealed some customers' email addresses, and a small percentage of those customers received unauthorized password resets, according to a news story by Bleepingcomputer.
The company claims that after MailChimp abruptly stopped their account on Aug. 8, they became aware of the breach.
Meanwhile, TechCrunch reported that the account had been temporarily disabled owing to a "terms of service" infringement, according to an automated email from Mailchimp. Mailchimp distributed the same notice to other individuals working in the cryptocurrency sector, which fueled rumors that the company has terminated its service for crypto content creators.
Read More: Cisco Confirms Data Breach by Yanluowang Ransomware Gang
To notify customers of password resets, email confirmations, and alerts, DigitalOcean used this MailChimp account. The cloud giant said that a customer informed their cybersecurity team of an unauthorized password reset on the same day.
They discovered after an investigation that an unapproved email address from the @arxxwalls.com domain had been added to their MailChimp account and had been used in emails since Aug. 7.
Assuming their MailChimp account had been compromised, DigitalOcean claims they contacted the vendor but received no response until August 10, when they discovered that a hacker had accessed MailChimp's internal support tools.
Further investigation discovered that the threat actor attempted to change passwords on DigitalOcean accounts using the stolen customer email addresses. These requests for password resets came from the IP address x.213.155.164.
The multi-factor authentication accounts, however, were safeguarded from the password reset attempts.
According to DigitalOcean, the usage of two-factor authentication prevented a small number of the attacker's target customers from having their accounts completely compromised. As a result, the company plans to make two-factor security the default option for all DigitalOcean accounts, as per TechCrunch.
Since then, DigitalOcean has changed to a different email service provider.
What Does Mailchimp Says About the Attack
Mailchimp said it took proactive steps to temporarily limit account access for accounts where it spotted suspicious activity while the company conducts a more thorough investigation of the matter, TechCrunch noted.
Mailchimp advised "letting your contacts know they should be extra vigilant about any phishing attacks that appear to come from your company or company's account" in an email sent to one affected customer that TechCrunch has seen.
The email stated that Mailchimp had become aware of "potential unauthorized activity" in the users' account.
Mailchimp claimed to have contacted the impacted clients directly.
Related Article: MailChimp Hacked: Stolen Data Used for Phishing Attacks on Trezor Crypto Wallet Users
