Mailchimp Suffers Another Breach; Over 130 Customer Data Affected

Email marketing automation platform Mailchimp disclosed another breach, impacting the data of more than 130 customers. Attackers orchestrated a social engineering campaign against Mailchimp employees and contractors to hack into their accounts.

After breaking through, perpetrators stole sensitive data from the customers. Mailchimp first identified the attack on January 11 after detecting unauthorized access to one of its customer support tools.

“After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data,” reads Mailchimp’s announcement. “We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery.”

The company said it notified the primary contacts of all affected accounts less than 24 hours after discovering the incident. It also said the breach didn’t expose credit card or password information, according to BleepingComputer.

Mailchimp decided to keep things under wraps for the moment but said it’s focused on further investigating the situation and securing its platform.

Reportedly, WooCommerce is among those affected by the breach. The company notified its customers that the Mailchimp breach may have exposed some of their personal data, including names, addresses, store URLs and email addresses.

In the notification email, WooCommerce stressed that the breach exposed no payment data, passwords or other sensitive information. Still, affected customers should be aware of other malicious campaigns that may weaponize their leaked data. Threat actors often use harvested email addresses in elaborate phishing campaigns or credential-stuffing attacks.

Specialized tools like Bitdefender Digital Identity Protection can protect your identity from data breaches. Key features include:

• Digital footprint overview that includes traces from no-longer-used services
• Continuous monitoring of public and Dark web sources for breaches or incidents involving your data and identity
• Instant action to address leaks and weak points in your digital footprint