Email marketing and newsletter giant Mailchimp disclosed a new data breach after employees were hacked. Mailchimp confirmed that dozens of customer data has been released. It is the second time in the past six months that the company has suffered a data breach. However, this breach appears to be virtually identical to an earlier incident.
MailChimp reveals new breach after employees were hacked
The company confirmed in a blog post that on Jan. 11, its security team detected an intruder accessing one of its internal tools used by Mailchimp’s customer support and accounting department. However, the company did not disclose how long the intruder was in its systems.
Also check: GoTo & LastPass Hacked – Customer Data Accessed via Breach
Mailchimp said the hacker targeted its employees and contractors with a social engineering attack. The hackers used the phone, email, or text manipulation techniques to obtain private information, such as passwords. The company also confirmed that the hacker has accessed data on 133 Mailchimp accounts.
One such targeted account is from ecommerce giant WooCommerce. In a message to customers, WooCommerce also confirmed that the breach may have exposed the names, store web addresses, and email addresses of its customers. However, the company also made sure that no customer passwords or other sensitive data were compromised.
Last August, Mailchimp also fell victim to a similar data breach. In that breach, data on some 214 Mailchimp accounts was compromised, primarily from cryptocurrency and financial-related accounts.
At the time, Mailchimp said it had implemented “an additional set of enhanced security measures”. But after this breach, it seems those measures have failed. It is not clear who is responsible for cybersecurity at Mailchimp.
Also see: Hackers breach Norton Password Manager accounts