Mailchimp Reports Data Breach, Employees Records Exposed

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Jan 19, 2023 03:05 am PST

The email marketing company MailChimp has suffered another breach: hackers gained access to an internal customer assistance and account administration tool, which gave threat actors access to the information of 133 customers. According to MailChimp, the attackers used social engineering to trick the company's employees and contractors into giving them access to employee login information.

The breach was first detected on January 11th, when MailChimp found an unauthorized user using its support resources. According to a statement on the security incident, “After we uncovered evidence of an unauthorized actor, we temporarily banned account access for Mailchimp accounts where we observed suspicious behavior to protect our users’ data. Less than 24 hours following the initial discovery, on January 12, we alerted the principal contacts for all impacted accounts.”

MailChimp Reacts To The Compromise

Although it is not its regular practice to disclose client information, MailChimp informed BleepingComputer that no credit card or password information was compromised as a result of the incident. “Our investigation into the matter is still ongoing, and part of it entails figuring out how to make our platform even more secure. We are not making public comments about our activities due to operational security concerns,” MailChimp said.

Customers have received emails from WooCommerce informing them that their names, store URLs, addresses, and email addresses were exposed due to the MailChimp breach. Even though threat actors frequently exploit this kind of information for targeted phishing attacks to steal credentials or install malware, WooCommerce claims that there is no evidence that the stolen data has been misused.

Owners of Trezor hardware wallets started getting phony data breach warnings in April 2022, which prompted users to download a bogus version of the Trezor Suite software that would steal their recovery seeds.

The email list utilized in this phishing campaign was a Trezor mailing list that was obtained in a MailChimp breach. Later, MailChimp acknowledged that the breach was more serious. As a result of staff falling for a social engineering trick, threat actors gained access to 319 MailChimp accounts and were able to export the data of 102 clients.

The marketing business acknowledged that this information was used in phishing emails but would not provide further details on the attacks. A second breach of MailChimp occurred in August 2022 as a result of staff members falling for the ‘0ktapus’ Okta phishing scam. The August incident impacted customers like Edge Wallet, Cointelegraph, NFT developers, Ethereum FESP, Messari, and Decrypt.

Previous Breach With Mailchimp Last Year

Mailchimp was also compromised last year. According to Mailchimp’s chief information security officer Siobhan Smyth, that breach was discovered on March 26th, when the company detected illegal access to a tool used by its customer care and account management teams. Mailchimp deleted the stolen employee accounts when it became aware of the attack. However, the hackers were still able to examine about 300 user accounts and steal audience information from 102 of them, according to Smyth.

“We are proud of our infrastructure, security culture, and our clients’ faith in us to protect their data. We have strong procedures and security measures in place to safeguard our users’ information and avert further incidents. We recognize that this issue has inconvenienced and confused both our users and their consumers, and we genuinely regret it,” Smyth added.

How Can an Email Breach Be Prevented?

Among the steps to take to stop an email security breach are:

  • ID Protection & Monitoring:

You must keep an eye on your personal and public records since doing so could help you avoid falling victim to identity theft. This will assist you in keeping track of the kinds of public documents that are accessible about you online. You can use our service to keep an eye on that data.

  • Monitor Your Accounts & Check for Exposure:

We advise you to confirm the accuracy of your identification profile to assist in guarding against the impacts of an email data leak. You can secure your data and respond swiftly in the case of a data breach by having control over the information that is publicly available about you online and being aware of the personal information that identity thieves can access.

  • Online Security:

By giving your personal information to only accredited companies and services that can be verified and trusted, you can ensure that you are using the internet safely. This can assist in preventing identity theft. Use secure websites at all times, and make sure you are aware of their offerings. To prevent identity thieves from getting your social security number or date of birth, never give it out online. 

  • Implementing Two-Factor Authentication for Password Protection:

Secure your email accounts from hacks, breaches, and data dumps from compromised websites. To protect your online accounts and prevent identity theft, use strong passwords. Never reuse passwords; always use unique ones for every email account.


Mailchimp, a market leader in email marketing and newsletters, says that it was hacked and that the data of numerous clients was exposed. In the previous six months, the organization has experienced two hacks. Even worse, this breach closely resembles an earlier incident. The Intuit-owned business said in an unattributed blog post that on January 11, a hacker gained access to one of its internal tools used for Mailchimp account management and customer assistance.

The company did not say how long the hacker was in its systems, if that is known. According to Mailchimp, the hacker used a social engineering attack to target its employees and contractors. In this type of attack, a person manipulates another person over the phone, by email, or by text to obtain sensitive information like passwords. After informing the organization of the incident, the hacker utilized the stolen employee passwords to access information on 133 Mailchimp accounts.

9 Expert Comments
Darren James, Head of IT
InfoSec Expert
January 20, 2023 11:58 am

“Once again we see that threat actors are bypassing the security that companies have in place by exploiting the weakest link in the chain – the human being!

Social engineering can come in many forms, but we know that from advances in AI and the proliferation of deep fakes the days of “oh I recognise this user's voice it must be him” are now well and truly over. It’s important for companies to recognise this increasingly familiar attack vector and the risk it presents to their business.”

Erfan Shadabi, Cybersecurity Expert
InfoSec Expert
January 20, 2023 11:53 am

“This cybersecurity incident shows just how clever threat actors can be in adapting existing social engineering tactics. The situation also underscores two key points that every enterprise should heed.

1. One, it’s not enough simply to educate employees and partners sporadically about common social engineering tactics and hope that this makes a significant impact on incident prevention or mitigation. The entire corporation needs to adopt a culture of cybersecurity in which speed and rapidity are valued less than safety and sensible inspection of all requests for information and action. Social engineering preys on misdirection and hasty actions and responses. Put a premium on employees treating every email with healthy skepticism.

2. Two, protect all sensitive enterprise data with more than just perimeter security, even if you feel that the impenetrable vault you’ve stored it all in is foolproof. Make sure that data-centric protection such as tokenization or format-preserving encryption effectively obfuscate sensitive information in case threat actors find their way into your data ecosystem. At some point, every organization will face a cybersecurity attack, so better be prepared.”

Paul Bischoff, Privacy Advocate
InfoSec Expert
January 20, 2023 11:51 am

“Mailchimp has been the victim of multiple data breaches over the past year. These incidents not only cast doubt on Mailchimp’s security, but also other Intuit-owned companies like TurboTax and Quickbooks. Thankfully, according to victims, none of the breached info was particularly sensitive and does not directly pose a threat to Mailchimp users. Still, affected users should be on the lookout for targeted phishing scams from Mailchimp or a related company.”

Chris Hauk, Consumer Privacy Champion
InfoSec Expert
January 20, 2023 11:51 am

“Well, whatever “enhanced security measures” MailChimp put in place after the first breach did not take the desired effect. Organisations like this should not only tighten their security measures, they should also put in place training programs for employees and executives, educating them about phishing attacks like the one that facilitated these breaches.”

Almog Apirion, CEO & Co-Founder
InfoSec Expert
January 20, 2023 11:50 am

“Within one year, MailChimp has suffered three data breaches as a result of social engineering attacks, with one of the worst-case scenarios – a breach that seems to be very similar to previous ones. So, what is going wrong? It is far too often that employees fall for phishing attacks that place sensitive company assets and personal information at risk of malicious threats. Social engineering attacks make employees particularly vulnerable by using psychological manipulation to take advantage of weak security protocols. It is not surprising that the riskiest attack vector is the human behind the network, system or application. Beyond, the rise of remote work has presented new challenges for companies implementing perimeter security systems. Companies must consider how to extend security controls to all users, even hybrid employees and third parties outside of the corporate network.  

Companies should prioritize securing identities – the new perimeter for many organizations. By increasing the adoption of zero-trust practices, businesses can ensure the validation of all users, limit the applications each user is entitled to and capture a full audit trail for forensic and compliance needs.” 
