Mailchimp: Crook stole cryptocurrency clients' mailing-list subscriber info
We're told the fraudster accessed some 319 Mailchimp accounts, and exfiltrated "Audience data" from 102 of them.
According to Smyth, Mailchimp's security engineers became aware of the break-in on March 26 after a cybercriminal gained access to a tool that the Mailchimp customer-facing teams use for customer support and account administration.
In other words, someone outside gained control of a worker's internal system account and used that to get at Mailchimp account data and subscribers' contact info.
During the course of that probe, Mailchimp determined that some accounts' API keys were potentially accessed by the intruder.
These API keys could be used by an attacker to launch more phishing campaigns against Mailchimp mailing list subscribers.
In addition to saying that Mailchimp notifies account owners of any unauthorized account access as soon as possible, Smyth recommended netizens adopt two-factor authentication to keep their online accounts secure.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/05/mailchimp_confirms_breach/