Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Hub Image

IOTW: Mailchimp suffers another social engineering attack

The marketing automation company has been the victim of its second hack within 12 months

Add bookmark
Olivia Powell
Olivia Powell
01/19/2023
Mailchimp suffers another social engineering attack

Marketing automation company Mailchimp has reported that it has been the victim of a social engineering attack-related data breach. This marks the second cyber attack of this kind the company has suffered in less than a year. 

The cyber attack took place on January 11 and, according to Mailchimp, involved an “unauthorized actor accessing one of [the] tools used by Mailchimp customer-facing teams for customer support and account administration”.  

Following this, the malicious actor launched social engineering attacks on Mailchimp employees and contractors used by the company. Through these attacks, the hacker was able to steal employee credentials and then used this login information to gain access to “select Mailchimp accounts”.

Mailchimp reported that the attack was targeted and limited to 133 accounts. In the wake of the attack, Mailchimp suspended access for those accounts compromised in the attack to protect users’ data, and notified the owners of the accounts of the suspicious activity. All those affected were notified by Mailchimp by January 12, and the company has been working with them to safely reinstate their accounts.

Mailchimp has not published any information on the users targeted by the attack, however evidence suggests that cryptocurrency and finance companies were the intended victims. Cryptocurrency company and developer of the Bored Ape Yacht Club NFT collection, Yuga Labs, warned its community on January 19 that it had been a victim of the social engineering attack.

In a series of tweets, the cryptocurrency company explained that its account was “one of many compromised” in the attack and specified that while the company does not frequently use Mailchimp, it wanted to warn its customers out of an “abundance of caution”. The company went on to clarify that while its data may have been accessed during the cyber attack, there was currently no data that it had been exported.

This social engineering attack and data breach mirrors a similar attack against the company in March 2022, which also saw cryptocurrency and finance companies targeted.

Mailchimp’s 2022 data breach

On March 26, 2022, Mailchimp was the victim of a data breach following a social engineering attack. The attack saw the hackers gain access to and export data from Mailchimp accounts, which the malicious actors then used to target customers of businesses that used Mailchimp for business-related services.

Mailchimp said that the cyber security incident was “propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised”. 

The bad actor also attempted to send a phishing campaign to a user’s contacts from said user’s account using the information they obtained during the attack.

Mailchimp reported that 319 accounts were viewed and audience data was exported from 102 of those accounts. An investigation revealed that the businesses targeted were those within the cryptocurrency and finance industries.

As a result of the hack, bitcoin hardware wallet Trezor had an inside compromise of a newsletter database hosted on Mailchimp. Due to the compromise, its users were targeted by a malicious phishing attack on April 3, 2022.

This attack included false information about Trezor experiencing a “security attack”. It then prompted victims to download and connect their Bitcoin wallets to a Trezor suite lookalike app, in addition to entering their seed phrases into the app.

Trezor  stated: “For this attack to be successful, users had to install the malicious software on their devices, at which point their operating system should identify that the software comes from an unknown source. This warning should not be ignored as all official software is digitally signed by SatoshiLabs.”  

The company went on to say that users should only be concerned about their Bitcoin funds if they had entered their seed phrases into the malicious app. 

Tags: cyber attack phishing cyber security news

More From Incident of the Week

IOTW: Victoria Court recordings exposed in suspected ransomware attack

Unauthorized access disrupted audio visual in-court technology network impacting video recordings, a...

2024-01-05 by Michael Hill
IOTW: Xfinity data breach impacts 35 million customers

Exposed data includes usernames, hashed passwords and social security numbers

2023-12-22 by Michael Hill
IOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operator

Powerful attack knocked out internet access and mobile communications, damaging IT infrastructure

2023-12-15 by Michael Hill
IOTW: HTC confirms cyber attack as BlackCat ransomware gang teases stolen data

BlackCat/ALPHV ransomware group leaked photos of what appears to be stolen passports, contact lists,...

2023-12-08 by Michael Hill
IOTW: Okta data breach affects all customer support users

Hackers stole information on all users of Okta’s customer support system

2023-12-01 by Michael Hill
Go To Hub

RECOMMENDED

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy