Security News > 2023 > January > Mailchimp 'fesses up to second digital burglary in five months

Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack.

The latest digital burglary happened on January 11 when the resident security team spotted an "Unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," the company blog states.

The criminal used employee credentials to break into 133 Mailchimp customer accounts, though the business says there is no evidence currently that the compromise affected Intuit systems "Or customer data beyond these accounts."

"After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users' data," it says.

Mailchimp suffered another break-in in August when it confirmed a criminal had accessed tools used by customer support and administration teams, via a social engineering attack, to gain entry to 214 Mailchimp accounts.

Digital Ocean migrated services to an alternative provider and said a "Very small" number of customers had seen crooks attempt to get into their accounts.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/19/mailchimp_fesses_up_to_2nd/