Mailchimp the latest big name to suffer from a cyber security breach

Well known and highly regarded email marketing and newsletter juggernaut, MailChimp became the latest big name to suffer a cyber security breach as numerous customers data were exposed. This is a worrying concern given that it’s the 2nd time this has happened in 6 months with the exact same thing being responsible as the first time.  

News of the hack came when an unofficial blog post from the security team stated that an intruder accessed one of its internal tools popular with Mailchimp customer support and admin on January 11th but failed to mention how long the intruder was in the system for. Furthermore, it went on to reveal that the hacker was going after employees as well as contractors via social engineering access points whereby someone makes use of manipulation techniques through phone, emails or text to access sensitive information such as logins and passwords. From this, the hacker was able to gain access to passwords to enable them to gather data from 133 Mailchimp accounts at which point the company then found out it had been hacked. 

The worse thing about the accounts hacked was the fact that one of them belonged to the e-commerce powerhouse, WooCommerce! This led to WooCommerce releasing a statement saying that it received notifications from MailChimp a day after the attack occurred that the breach could have resulted in names, web addresses as well as email addresses being leaked, however stopped short of saying that things such as passwords were taken. 

If you didn’t know what WooCommerce do, they essentially create and maintain open source e-commerce tools for SMEs which make use of Mailchimp to send out emails to customers and prospects. It has been reported that WooCommerce has over 5 million customers that use their tools on a regular basis.  

You may be wondering if you have heard about this breach before? This is true as it happened back in August of last year as the same attack occurred in the same way as before. On that occasion, the data of 214 Mailchimp accounts were accessed. Again, another significant customer of Mailchimp’s, DigitalOcean were compromised and were very damming in its condemnation of the way in which Mailchimp responded to the breach. 

Despite the fact that Mailchimp at the time stated that they had implemented additional security measures to resolve the issue last year, it has become pretty apparent that these measures haven't gone far enough in helping to protect their customer’s data. 

Next Steps? 

If you are a current Mailchimp customer and are worried that Mailchimp aren’t taking your concerns seriously then why not consider making a switch to another email and marketing automation platform in ClickDimensions which takes its data security extremely seriously. To find out more please give our team of experts a call now. 

Worried that your business could be at risk of suffering from a cyber security attack? If so, why not give Advantage a call who will be able to get your business Cyber Security Certified as well as help you with any other Cyber Security requirements? 

Want to get the latest Cyber Security news delivered to your emails? You can when you sign up to our mailing list.