Mailchimp reports second cyber security incident in 9 months

Email marketing provider Mailchimp, currently owned by Intuit, has revealed a second cyber security incident, exposing the data of at least 133 customers.

It’s the second time Mailchimp’s systems were hacked in the past nine months. Mailchimp said at least 133 customers’ data was exposed during the second cyber attack. 214 Mailchimp accounts were affected during the first cyber security incident in August 2022.

“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” Mailchimp said in a news statement.

The Mailchimp Security team identified an unauthorized actor accessing one of its tools used by its customer-facing teams for customer support and account administration.

“The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” Mailchimp said.

After it identified evidence of a hacker, Mailchimp temporarily suspended access for accounts where it detected suspicious activity, in order to protect its users’ data.

“We notified the primary contacts for all affected accounts on January 12, less than 24 hours after initial discovery,” said the company in its latest statement.

The company has sent emails to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely.

In April last year, hackers stole data from more than 100 clients of Mailchimp after they broke into its services, using the data to mount phishing attacks on the users of cryptocurrency platforms.

The hackers were able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them.