DigitalOcean customers affected by Mailchimp “security incident” (Security News, August 2022)

"On August 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain. From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed," shared Tyler Healy, VP Security at DigitalOcean.
Mailchimp is an email marketing automation platform, which DigitalOcean uses - or did use, until this incident - to deliver "Email confirmations, password resets, email-based alerts for product health, and dozens of other transactional emails" to its users.
"During that same timeframe on August 8th, our Security Operations team was made aware of a customer who claimed their password had been reset, without their initiation. Recognizing a likely connection between our sudden loss of transactional email, and potentially malicious password resets, which are delivered via email, a security incident and investigation was launched in parallel with the teams addressing our email outage."
The investigation confirmed that DigitalOcean's Mailchimp account had been compromised; the account was suspended by Mailchimp soon after.
The incident spurred DigitalOcean to end their collaboration with Mailchimp and go with another email service provider.
Finally, the incident will spur them to push customers towards enabling 2-factor authentication on their accounts, while they are simultaneously considering making "Two-factor authentication on-by-default for all DigitalOcean customer accounts."
News URL
https://www.helpnetsecurity.com/2022/08/16/mailchimp-digitalocean-security-incident/