Mailchimp reports third hack in year where hackers gained access to accounts
Mailchimp says hackers gained access to its tools and Mailchimp accounts from 133 customers earlier this month. It is the third attack in a year and also the third in which the criminals used social engineering.
The hackers knew through social engineering access the Mailchimp accounts of one or more Mailchimp employees. In the attack, which took place on January 11, they gained access to the accounts of 113 Mailchimp customers. Access to these accounts was temporarily suspended after discovering the attack and customers were notified on January 12.
The email marketing service does not say what data was stolen and which customers were affected. WooCommerce, an open source e-commerce WordPress plugin, said in an email to customers it was affected by the attack. The organization says that names, store URLs and email addresses may have fallen into the hands of hackers. No passwords or payment information was stolen. Also, no customer data has been stolen from WooCommerce stores.
It is not the first time that hackers have gained access to Mailchimp accounts through social engineering. Previously this happened in April and August last year. In these two attacks, the hackers focused on cryptocurrency service providers and hackers gained access to more than 300 accounts in total.