MailChimp suffered another data breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers.
MailChimp says the attackers gained access to employee credentials after conducting a social engineering attack on Mailchimp employees and contractors.
“After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data,” reads a statement about the security incident.
“We notified the primary contacts for all affected accounts on January 12, less than 24 hours after the initial discovery.”
In response to our questions about the breach, MailChimp shared the following statement.
“While we do not share customer information as a matter of course, we can share that no credit card or password information was compromised as a result of this incident,” MailChimp told BleepingComputer.
“Our investigation into the matter is ongoing and includes identifying measures to further protect our platform. For operational security reasons, we are not publicly commenting on the actions we are taking. – MailChimp.
