Mailchimp confirms that it suffered a social engineering attack that put the accounts of 133 customers at risk

MADRID, 19 Jan. (Portaltic/EP) –

MailChimp has confirmed that it suffered a social engineering attack that put a total of 133 customer accounts after the cybercriminals accessed his database through the account of one of his employees.

This automation platform is focused on sending email and advertising campaigns between companies and customers, which allows you to configure audiences and analyze reports of these campaigns, among other activities.

The company has reported that on January 11, its security team identified an unauthorized actor who had accessed one of the tools used by its customer service employeesintended for the administration of customer accounts.

According to Mailchimp, this cybercriminal carried out a social engineering attack against its workers, thanks to which it gained access to selected accounts of its service. To do this, he used the credentials of the employees who were victims of this campaign.

From the platform they have confirmed that, according to their investigation, a total of 133 customer accounts and that there is no evidence that this commitment has affected the rest of the users or the systems of Intuit, owner of Mailchimp.

With this, it has clarified that, after identifying this breach, it solved this problem by temporarily suspending access to the employee’s account to protect those that had been violated. Then, notified users of affected accounts on January 12, that is, “less than 24 hours after initial discovery.”

To these same accounts, Mailchimp also sent an email outlining the steps to take to securely re-establish access to their Mailchimp accounts.

This is not the first time that the platform has been involved in an attack of these characteristics, since another threat actor used the same internal tool in March of last year to gain unauthorized access to some 300 customer accounts.

Then, the malicious agent managed to export data and credentials from 102 clients belonging to sectors such as finance and cryptocurrencies, as well as obtaining access to API keys for an unknown number of clients, as confirmed by the company to TechCrunch.

Related articles

Professional development through podcasts: another way to listen

When we develop a process of change and improvement we always break a previous scheme. We do it because...

Discover the five most obedient and easy-to-train dog breeds, according to experts

By Antonieta Bolaños HermozaSeptember 28, 2023 at 3:52 p.m.If you have had a pet since it was a puppy, you have surely had...