Bea Beltran Tech 01.19.2023 00:Jan AM EST

MailChimp Suffers Another Breach Due to Stolen Employee Credentials

Mailchimp, an email marketing firm went through another cyber attack. The incident led to hackers accessing 133 customer data through the company's internal support and account administration tool, following the attack on company employees.

The System Breach

According to Mailchimp, the hackers were able to access the company's system by acquiring employee credentials, which were obtained through a social engineering attack targeting Mailchimp employees and contractors, according to Bleeping Computer.

The cyber attack was detected by the firm on January 11th when they noticed that an unauthorized person was accessing their support tools. This resulted in a temporary suspension of Mailchimp account access where suspicious activities were seen to protect customer data.

Mailchimp notified their primary contacts for the affected accounts the following day, not 24 hours after the discovery. In a separate email, the company provided steps to assist users in securely reinstating access to their Mailchimp accounts

WooCommerce, an eCommerce plugin for WordPress, was one of the victims of the system breach. The eCommerce platform already alerted its customers in a tweet, stating that the Mailchimp breach exposed their names, store URLs, and email addresses.

Although, they assured that no payment data, passwords, or other sensitive security information is part of the breach. They added that customer stores and customer data have not been impacted by the incident, and neither did WordPress and WooCommerce accounts.

Previous Attack

The company also experienced a breach nearly a year ago. They first detected the attacker trying to access one of their internal tools, which was used by customer-facing teams for customer support and account administration.

It was also because of a Mailchimp employee falling victim to a social engineering attack, resulting in employee credentials being stolen. They opened an investigation with the help of third-party forensic professionals to assess the damage on March 26th.

They immediately limited employee access to internal systems to prevent further damage. Mailchimp discovered that 319 Mailchimp accounts were viewed and 102 of those accounts had audience data exported from them, according to their website.

Around April 2022, Trezor hardware wallet owners experienced security incidents, wherein the customers received fake data breach notifications to urge them to download a fake Trezor Suite software. The fake software will then steal their recovery seeds, reports say.

The data involved in the Trezor incident belonged to 106,856 of their customers. They warned that anyone who accessed their wallets using Trezor Suite was at risk of having their cryptocurrency assets stolen.

Trezor announced it via Twitter, also revealing that the list of emails used in the phishing campaign was stolen in the Mailchimp breach. The email marketing firm initially claimed that 214 Mailchimp accounts were accessed, motivated by cryptocurrency-related factors.

It was then admitted by the company that the breach was more extensive than it first said. The Mailchimp employees that fell victim to Okta phishing attacks called "okatpus." This allowed the threat actors to access the company's systems in the first place.