There has been another MailChimp data leak, and customer data has again been copied without permission. The mail service provider suspects targeted attacks against users from the crypto industry.
Previously, there was a Mailchimp data leak in March 2022 and the company came out detailing what happened, their response, and the impact it had on them and their customers. More details about this are given at the end of this report.
Mailchimp data leak – the struggle
The mail service provider MailChimp has repeatedly struggled with the loss of customer data. According to a statement, customers from the crypto industry are mainly affected, whose personal data is particularly sought after by cybercriminals for phishing attacks. But the cloud service provider DigitalOcean also informed some of its customers last night that their e-mail addresses had been copied without permission.
Target crypto wallets
Mailchimp’s susceptibility to attacks
Attacks on crypto wallets are a lucrative source of income for criminals. However, in order to be able to send deceptively real phishing e-mails precisely, e-mail addresses required whose owners have an account with the targeted exchange. Email service providers are therefore a worthwhile target for supply chain attacks – Mailchimp was an involuntary accomplice in a phishing attack on the wallet manufacturer Trezor back in April.
Now Mailchimp has once again informed its customers about a successful break-in in a cryptic blog post. Although the service provider focuses on its customers from the crypto industry in the article and does not mention the unauthorized outflow of data with a syllable, the cloud provider DigitalOcean – which sent its customer newsletters via Mailchimp – is clearer in its own security report.
The successful attack on the Mailchimp account was noticed as early as August 8, and some of the customer email addresses stored there were viewed and fished out by criminals. All customers affected by the data leak have been informed and some DigitalOcean accounts that have been attacked with password reset attacks have been secured. In addition, the cloud service provider immediately terminated its business relationship with Mailchimp.
DigitalOcean, a business that makes cloud computing simpler so developers can devote more time to making software that transforms the world, has called on its customers to be more vigilant against targeted phishing attacks and recommends – as is now common in such security advice – the activation of two-factor authentication for the cloud account.
Information about Mailchimp data leak in March 2022
Information about a recent security incident using Mailchimp.
After the Mailchimp data leak, they came out saying they are devoted to being open and honest on the incident because the security of their users is their top priority. They added that since they take seriously their duty, the onus rests on them to protect the privacy and the data of their customers.
On March 26, our security team learned that a malicious user had gained access to one of our internal tools that customer-facing teams use for account management and customer support. The issue was spread by a bad actor who carried out an effective social engineering attack on Mailchimp employees, which led to the breach of employee credentials. We are dedicated to being open and honest about what we know and our actions.
What took place and how we reacted
Using the information they had gained during the March 26 assault, the bad actor attempted to send a phishing campaign to a user’s contacts from the user’s account on April 2 as part of the same incident. After alerting the account owner and blocking the malicious user from the user’s account, we were able to prevent further access to the Mailchimp platform. Yet another method was used to send a phishing campaign to the user’s contacts. This is the sole phishing effort that we have so far discovered or that customers have reported as a result of this incident.
We started an inquiry on March 26 and hired independent forensics experts to learn more about what occurred and its possible repercussions. We took prompt action to remedy the issue by restricting employee access to internal systems right away. We’re enacting an additional set of strong measures to assist safeguard the security of our users’ data while this event is being investigated because it’s normal for these types of occurrences to involve many attackers.
Siobhan Smyth, the CISO at Mailchimp said that 102 of the 319 Mailchimp accounts that were visited had audience data exported from them, according to our study so far. Our research indicates that this was a targeted event that targeted users working in the bitcoin and financial sectors. The affected accounts’ owners have all been informed.
We deeply regret any worry and apprehension this may have brought on for our users and their clients. We are proud of our infrastructure, security culture, and the confidence our clients have in us to protect their data. We are confident in the security measures we’re putting in place and the efforts we’re taking to safeguard the data of our users and aid in the prevention of further instances.Siobhan Smyth, the CISO at Mailchimp
We are dedicated to carrying out our inquiry into this occurrence and maintaining open lines of contact all through it. We’ll revise this assertion as necessary to reflect new information or discoveries.
Was my data compromised if I’m a Mailchimp user?
Our research is still in progress, however, based on our first evaluation, 319 Mailchimp accounts were visited, and 102 of those accounts had audience data exported. We sent emails to the owners of all impacted accounts. We have no reason to suspect that your account has been impacted at this time if Mailchimp has not informed you. Please get in touch with Mailchimp support if you have any additional queries.
Maybe I got a phishing email, I think. What ought I to do?
Do not click any links in an email you think may be fraudulent or phishing. We advise reporting the phishing email to the company immediately if it looks to be from one of their clients.
How did the attacker gain access to client audience data?
Through the use of social engineering, a malicious party was able to access a customer support internal tool by hacking into a Mailchimp employee’s account. This access allowed the malicious party to inspect customer accounts and extract specific audience data.
What steps is Mailchimp taking to ensure that such incidents don’t occur again?
Data security for our users is our top concern. We’re putting in place an additional set of proactive steps to guarantee the security of our users’ data while this event is being investigated because it’s normal for these types of situations to involve many attackers.