Mailchimp, an email marketing and newsletter company, has announced that it has been hacked and that dozens of customer data has been released online.
It is the second time the company has been hacked in the last six months. Worse, this time the breach appears to be almost identical to the previous incident.
Mailchimp reported to a post on her blog that the team ασφαλείας της εντόπισε έναν εισβολέα στις 11 Ιανουαρίου που είχε πρόσβαση σε ένα από τα εσωτερικά εργαλεία που χρησιμοποιούν από την support πελατών και τη management company accounts. The company did not say how long the intruder had been on its systems.
Mailchimp reported that the hacker targeted its employees with a social engineering attack via phone, email and SMS to obtain private information such as passwords. The hacker then used employee passwords to access Mailchimp data.
One of these hacked accounts belongs to e-commerce giant WooCommerce. In a note to its customers, WooCommerce said it was notified by Mailchimp a day later and that the breach may have exposed its customers' names, store web addresses and email addresses.
Last August, Mailchimp again announced that it was the victim of a social engineering attack that targeted the credentials of its customer support staff, giving the attacker access to internal Mailchimp tools. In this breach, data was leaked for around 214 major compromised Mailchimp accounts, mainly cryptocurrency accounts but also DigitalOcean confirmed that the accountwas breached and harshly criticized Mailchimp's handling of the breach.
Mailchimp said at the time that it had implemented "additional enhanced security measures," but did not say what they were.