Mailchimp, the widely used email marketing and newsletter platform, has revealed that it was hacked again, only about six months after its previous breach. Worse, the new attack is virtually indistinguishable from the original intrusion: the same social engineering of staff, the same internal tools, and the same result, with customer accounts compromised and their data exposed.
On January 11, Mailchimp’s security team noticed an intruder in the internal tools used by its customer service and account administration staff. The company has not said how long the intruder had access or who was responsible. Intuit-owned Mailchimp disclosed the incident in a blog post that carried no named author.
Mailchimp confirmed that the attacker used social engineering against its employees and contractors. By manipulating staff into handing over their credentials, the attacker obtained employee passwords and used them to access 133 Mailchimp customer accounts. Mailchimp says it notified the affected account holders shortly after the intrusion was detected.
One of the affected accounts belonged to the e-commerce platform WooCommerce. In its notice to customers, WooCommerce said Mailchimp informed it of the incident a day after it happened, and that customer names, store web addresses and email addresses may have been exposed. It reassured customers that no passwords or other sensitive data were taken.
WooCommerce’s open-source e-commerce tools are used by millions of small businesses worldwide, and WooCommerce relies on Mailchimp to send email on its behalf. It reports roughly 5 million customers in its network.
If this sounds familiar, it is because something very similar happened last August. Mailchimp reported then that one of its customer support staff had been tricked by a social engineering attack into giving up their credentials, which granted the intruder access to the same kind of internal tools.
In that breach, 214 Mailchimp accounts were exposed, most of them belonging to cryptocurrency and finance-related organizations. Cloud provider DigitalOcean confirmed that its own account was among them and sharply criticized Mailchimp for its handling of the incident.
At the time, Mailchimp said it had put additional security measures in place, but declined to say what they were. With a near-identical attack succeeding again after those measures were supposedly adopted, it is unclear whether they were ever fully implemented or whether they were implemented and simply failed to stop a repeat.
In the aftermath of the August breach, Mailchimp’s Chief Information Security Officer, Siobhan Smyth, abruptly left the company. It is unclear who, if anyone, now holds accountability for security at Mailchimp.
Regardless, data breaches are an unfortunately common occurrence, and Mailchimp users should take practical steps to protect themselves after this incident. Enabling two-factor authentication on your Mailchimp account is the obvious first step. Note, though, that both of these intrusions came through compromised employee credentials and Mailchimp’s own internal admin tools, not through customer logins, so 2FA on your account limits other attack paths but would not have prevented this one. Users should also review recent account activity and audience exports, rotate any API keys and connected-app credentials tied to the account, and be aware that exposed subscriber names and email addresses are exactly what attackers need to run convincing follow-on phishing campaigns against those subscribers. As always, it is better to be safe than sorry.
We will continue to monitor the situation as it develops and keep you updated on any further developments. Stay safe out there!
Shivendra Tiwari is an Engineer and an MBA in Marketing. He is the Content head at Marketing91 and a thorough Online Marketing enthusiast. Shivendra loves to follow different brands and study their Business and Marketing tactics.