Mailchimp, a well-known email marketing and newsletter service provider, has revealed yet another security lapse that gave threat actors access to internal support.
In a statement about the incident, Mailchimp said that it discovered the breach on January 11, 2023, and that there is no proof the unauthorized party obtained any user information besides the 133 accounts.
There is no official clarity yet on how long the hacker was able to maintain access. Mailchimp has also refrained from giving further information on the type of information the hacker accessed.
According to the official report on the attack, “The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.”
Mailchimp has been the victim of such attacks before. Last year, the company suffered two separate hacks.
The first incident took place in April 2022. According to reports, the hacker aimed to carry out crypto phishing scams. Three hundred nineteen customer accounts were compromised.
According to other sources, the latest hack led to compromised user names, mail addresses, URLs, etc.
Mailchimp temporarily terminated access to accounts where suspicious activity was found.
The second hack last year took place in August 2022. It is a matter of grave concern as this is the second attack within a short span of six months.