Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

Wed, 06 Apr 2022 9:27:00 Dan mailchimp , phishing , scams

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.

The development was first reported by Bleeping Computer.

The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident on March 26 when it became aware of a malicious party accessing the customer support tool.
"The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised," Siobhan Smyth, Mailchimp's chief information security officer, was quoted as saying.

Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 MailChimp accounts and further export the mailing lists pertaining to 102 accounts.

About the author

Dan

I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable). So that everyone can see what happens behind the scenes while we use our electronic devices every day.