The internal customer support and account admin tool of one of the most utilised email marketing platforms, MailChimp, has reportedly faced a data breach attack from unknown hackers. This recent incident caused the theft of MailChimp’s internal database containing information owned by 133 customers.
According to the email marketing firm’s statement, a social engineering tactic against its employees and contractors allowed the hackers to perform their operation. The attack resulted in hackers successfully accessing employee credentials and stealing data.
Unauthorised access from an unknown entity was identified on the email marketing platform’s infrastructure last January 11.
The firm explained that they immediately launched temporary account suspensions for some MailChimp accounts where suspicious activities from hackers were detected. This precautionary measure is to protect users’ data from being further compromised.
Moreover, the email marketing firm assured its partners and clients that no credit card or password data had been exposed. A continuous investigation is underway until the company fully identifies the incident’s scope and has mitigated it.
Nonetheless, MailChimp clarified that they refrain from publicly commenting on all actions they take as part of operational security.
In related news, another report reveals that this recent MailChimp breach affected WooCommerce, a popular eCommerce plugin for WordPress. Upon learning of the incident, WooCommerce’s management promptly notified their clients about a data exposure containing full names, addresses, email addresses, and online shop URLs.
There is currently no sign of data misuse from the exposed customer information. However, WooCommerce warned that these incidents often lead to hackers attempting to conduct phishing attacks to inject malware on computers, steal credentials and monetary assets, or perform identity fraud.
While this news is still developing, customers of the affected email marketing platform are strongly advised to take immediate action, including changing their passwords to more secure ones and activating multi-factor authentication (MFA).
Users must also closely monitor their accounts and report to the company or authorities immediately if suspicious activities occur.
