MADRID, 19 Jan. (Portaltic/EP) –
MailChimp has confirmed that it suffered a social engineering attack that put a total of 133 customer accounts after the cybercriminals accessed his database through the account of one of his employees.
This automation platform is focused on sending email and advertising campaigns between companies and customers, which allows you to configure audiences and analyze reports of these campaigns, among other activities.
The company has reported that on January 11, its security team identified an unauthorized actor who had accessed one of the tools used by its customer service employeesintended for the administration of customer accounts.
According to Mailchimp, this cybercriminal carried out a social engineering attack against its workers, thanks to which it gained access to selected accounts of its service. To do this, he used the credentials of the employees who were victims of this campaign.
From the platform they have confirmed that, according to their investigation, a total of 133 customer accounts and that there is no evidence that this commitment has affected the rest of the users or the systems of Intuit, owner of Mailchimp.
With this, it has clarified that, after identifying this breach, it solved this problem by temporarily suspending access to the employee’s account to protect those that had been violated. Then, notified users of affected accounts on January 12, that is, “less than 24 hours after initial discovery.”
To these same accounts, Mailchimp also sent an email outlining the steps to take to securely re-establish access to their Mailchimp accounts.
This is not the first time that the platform has been involved in an attack of these characteristics, since another threat actor used the same internal tool in March of last year to gain unauthorized access to some 300 customer accounts.
Then, the malicious agent managed to export data and credentials from 102 clients belonging to sectors such as finance and cryptocurrencies, as well as obtaining access to API keys for an unknown number of clients, as confirmed by the company to TechCrunch.
