Breach at MailChimp compromised DigitalOcean’s customer data

August 17, 2022

DigitalOcean has published a threat advisory about a MailChimp security breach that exposed the email addresses of numerous DigitalOcean customers. All of the affected email addresses have since received unauthorised password resets.

MailChimp first disabled DigitalOcean’s account without notice, which is how DigitalOcean realised that a security breach had occurred. DigitalOcean used its MailChimp account to send email confirmations, alerts to its users, and password reset notifications.

DigitalOcean also revealed that one of its customers notified its security team about an unauthorised password reset on their account. That report triggered an investigation, which found that an unknown party had added an email address from the domain “@arxxwalls[.]com” to the MailChimp account and used it to send emails.

DigitalOcean then contacted the email marketing firm, believing that its account had been breached. It did not get a response until recently, when MailChimp confirmed that an attacker had gained access to its internal support tools.

Follow-up investigations found that the threat actor used the stolen customer email addresses to try to gain access to DigitalOcean accounts by triggering password resets. Fortunately, the accounts are protected by multi-factor authentication, so the password reset attempts failed.
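The two signals described in the advisory, a sender address nobody authorised appearing in the ESP account and password-reset mail being fired at customers, are the kind of thing a routine audit of the provider’s outbound-mail export can surface. The following Python is an added example and not code from DigitalOcean, MailChimp or the advisory: the log format, the allowlist domain example.com, the recipient addresses and the sample rows are constructed for this example, and only the attacker domain comes from the advisory.

```python
"""Added example (not from the DigitalOcean or MailChimp advisories): audit an
ESP's outbound-mail export for two signals - a sender domain that was never
authorised, and bursts of password-reset notifications to one recipient.
The log format, allowlist and sample rows are constructed; only the domain
arxxwalls.com comes from the advisory.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: timestamp, sender, recipient, template name.
SAMPLE_LOG = """\
2022-08-10T09:00:00Z noreply@example.com alice@customer.test welcome
2022-08-10T09:05:00Z noreply@example.com bob@customer.test alert
2022-08-10T14:00:00Z support@arxxwalls.com alice@customer.test password_reset
2022-08-10T14:00:30Z support@arxxwalls.com bob@customer.test password_reset
2022-08-10T14:01:00Z noreply@example.com carol@customer.test password_reset
2022-08-10T14:01:10Z noreply@example.com carol@customer.test password_reset
2022-08-10T14:01:20Z noreply@example.com carol@customer.test password_reset
"""

# Hypothetical allowlist: the only domains this organisation authorised the ESP to send from.
ALLOWED_SENDER_DOMAINS = {"example.com"}


def parse_log(text):
    """Parse whitespace-separated rows into dicts; timestamps become datetime objects."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, template = line.split()
        rows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "sender": sender.lower(),
            "recipient": recipient.lower(),
            "template": template,
        })
    return rows


def unauthorised_senders(rows, allowed=ALLOWED_SENDER_DOMAINS):
    """Return the sorted list of sender addresses whose domain is not on the allowlist."""
    bad = set()
    for row in rows:
        domain = row["sender"].rsplit("@", 1)[-1]
        if domain not in allowed:
            bad.add(row["sender"])
    return sorted(bad)


def reset_bursts(rows, window=timedelta(minutes=5), threshold=3):
    """Return recipients who got `threshold` or more password_reset mails inside `window`."""
    per_recipient = defaultdict(list)
    for row in rows:
        if row["template"] == "password_reset":
            per_recipient[row["recipient"]].append(row["ts"])
    flagged = []
    for recipient, times in per_recipient.items():
        times.sort()
        start = 0
        # Sliding window over the sorted timestamps for this recipient.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(recipient)
                break
    return sorted(flagged)


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print("unauthorised senders:", unauthorised_senders(rows))
    print("reset bursts:", reset_bursts(rows))
```

Run against the constructed sample, the first check flags `support@arxxwalls.com` and the second flags `carol@customer.test`, who received three reset mails within a minute. In practice the allowlist should be the same set of domains the organisation has verified with the provider, so any addition to the account that was not made through change control shows up here even when the provider itself sends no alert.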

DigitalOcean switched providers because of the attack against MailChimp.

After the breach, DigitalOcean moved to another email service provider, since MailChimp had become a target for threat actors.

The popular email marketing firm also published a security advisory recently but did not provide detailed information regarding the attack other than saying that the threat actors targeted crypto-related customers.

The breached provider did reveal that the attackers used phishing and social engineering to gain access to 214 MailChimp accounts. It is currently working to reinstate those accounts and to investigate the incident further.

Other clients have confirmed that their accounts were suspended without notice, including Cointelegraph, NFT developers, Messari & Decrypt, Edge Wallet, and Ethereum FESP.

This is the second security breach MailChimp has suffered this year. Last April its internal support tools were compromised to target crypto-related customers, which resulted in a large phishing campaign against Trezor hardware wallet users.
