Mailchimp, an email marketing and newsletter company announced that it was hacked and that dozens data of customers are circulating on the internet.
It is the second time the company has been hacked in the last six months. Worse, this time the breach appears to be almost identical to the previous incident.
Mailchimp reported to a post on her blog that the team Its security team detected an attacker on January 11 who accessed one of the internal tools used by the company's customer support and account management. The company did not say how long the attacker had been on its systems.
Mailchimp said the hacker targeted its employees with a social media attack engineerings via phone, email and SMS to obtain private information such as passwords. The hacker then used employee passwords to access Mailchimp data.
One of these hacked accounts belongs to e-commerce giant WooCommerce. In a note to its customers, WooCommerce said it was notified by Mailchimp a day later and that the breach may have exposed its customers' names, store web addresses and email addresses.
Last August, Mailchimp again announced that it was the victim of a social engineering attack that targeted the credentials of its customer support staff, giving the attacker access to internal Mailchimp tools. In this breach, data was leaked for around 214 major hacked Mailchimp accounts, mostly cryptocurrency accounts but also DigitalOcean confirmed that its account was breached and strongly criticized Mailchimp's handling of the breach.
Mailchimp said at the time that it had implemented "additional enhanced security measures," but did not say what they were.
