Security News > 2023 > January > Mailchimp Suffers Another Security Breach Compromising Some Customers' Information
Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers.
"The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack," the Intuit-owned company said in a disclosure.
Mailchimp said it identified the lapse on January 11, 2023, and noted that there is no evidence the unauthorized party breached Intuit systems or other customer information beyond the 133 accounts.
Which is one of the breached accounts, said the incident exposed users' names, store URLs, addresses, and email addresses but not their payment data, passwords, or other sensitive information.
In the past year alone, Mailchimp has been the victim of two different breaches, the first one of which involved a malicious actor gaining unauthorized access to 319 customer accounts in April 2022 with the goal of carrying out crypto phishing scams.
Then in August 2022, it fell for another elaborate social engineering attack orchestrated by a group called 0ktapus that resulted in the compromise of 216 customer accounts.
News URL
https://thehackernews.com/2023/01/mailchimp-suffers-another-security.html