- Mailchimp has announced that their systems were breached by hackers, approximately 8 months after a breach in the previous year.
- The attackers managed to access the data of 133 customers, including some information in the mailing lists connected to those accounts.
- One of those Mailchimp accounts appears to belong to WooCommerce, the hugely popular e-commerce plugin by Automattic, and with it the plugin's huge database of customers.
One of the most popular email marketing and newsletter services, Mailchimp, has announced that its systems were breached by hackers. It is the second time Mailchimp was hacked in the last year. The breach affected a relatively low number of customers, but there are some big names among them.
Accessed 133 accounts
According to Mailchimp’s official announcement of the incident, threat actors accessed one of the tools used for customer support and account administration by conducting a social engineering attack on Mailchimp employees. As a result, the threat actors managed to access 133 Mailchimp accounts and the data connected to those accounts, including their customers’ names, email addresses, and store URLs. Thankfully, payment data, passwords, and other sensitive data seem to be safe.
One of the biggest Mailchimp customers is the hugely popular e-commerce plugin for WordPress, WooCommerce. It is a great plugin developed by Automattic, and some sources state that at least 5 million e-commerce sites use WooCommerce. That means the breach of this single Mailchimp account resulted in access to a very large amount of personal data. And, as a reminder, 132 more Mailchimp accounts were breached.
Currently, there is evidence that those exposed accounts were used by hackers. However, that information might be used for social engineering and phishing attacks in the future.
Mailchimp said,
« We know that incidents like this can cause uncertainty, and we’re deeply sorry for any frustration. We are continuing our investigation and will be providing impacted account holders with timely and accurate information throughout the process. »