Η Mailchimp, μια εταιρεία μάρκετινγκ ηλεκτρονικού post officeυ και ενημερωτικών δελτίων ανακοίνωσε ότι παραβιάστηκε και ότι δεκάδες δεδομένα πελατών κυκλοφορούν στο διαδίκτυο.
It is the second time the company has been hacked in the last six months. Worse, this time the breach appears to be almost identical to the previous incident.
Mailchimp reported to a post on her blog that its security team identified an attacker on January 11th who had accessed one of the internal tools used by support customers and company account management. The company did not say how long the attacker had been on its systems.
Mailchimp said the hacker targeted its employees with a social engineering attack via phone, email and SMS to obtain private information such as passwords. The hacker then used employee passwords to access Mailchimp data.
One of these hacked accounts belongs to e-commerce giant WooCommerce. In a note to its customers, WooCommerce said it was notified by Mailchimp a day later and that the breach may have exposed its customers' names, store web addresses and email addresses.
Last August, Mailchimp again announced that it was the victim of a social engineering attack that targeted the credentials of its customer support staff, giving the attacker access to internal Mailchimp tools. In this breach, data was leaked for around 214 major compromised Mailchimp accounts, mainly cryptocurrency accounts but also DigitalOcean confirmed that the account was breached and harshly criticized Mailchimp's handling of the breach.
Mailchimp said at the time that it had implemented "additional enhanced security measures," but did not say what they were.
