Email marketing giant Mailchimp announced it was hacked in January 2023 by a social engineering attack. The fact that the same attack type had already succeeded in March 2022 shows how effective social engineering can be.

Mailchimp said in a blog post that its security team detected an intruder on January 11 accessing one of the internal tools used by Mailchimp customer support and account administration, though the company did not say how long the intruder had been in its systems, if that is known.

Mailchimp said the hacker targeted its employees and contractors with a social engineering attack, in which someone uses manipulation techniques by phone, … The hacker then used those compromised employee passwords to gain access to data …

Mailchimp News 2023:

On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.


Mailchimp News 2022:

On March 26, our Security team became aware of a bad actor accessing one of our internal tools used by customer-facing teams for customer support and account administration. The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.

The Mailchimp incidents show how difficult it is for even large and professional IT companies to protect themselves against social engineering.

As the well-known ethical hacker Kevin Mitnick says in his book The Art of Deception: "Why waste hours to break in, when you can do it with a phone call!"

It is time to consider a systematic approach to the process of password issuance from the service desk. Social engineering works because it targets humans and their emotions. Against a well-designed, enforced workflow, emotional manipulation has nothing to work on.

Finn Jensen

Finn Jensen | Founder, FastPasscorp

