Email marketing service Mailchimp has confirmed that intruders gained access to more than 100 customer accounts after a successful social engineering attack, tech blog The Register reported on Thursday, Jan. 19th. No personal financial information was included in the data caught up in the break-in, and the business is reportedly not commenting further on the countermeasures being taken to strengthen security.
This is the second data spill in five months to rock the company bought by Intuit for $12 billion. Mailchimp reportedly told its customers that it takes the “security of users’ data seriously.”
According to reports, the latest digital burglary happened on January 11 when the resident security team spotted an “unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration,” the company blog states.
The criminal used employee credentials to break into 133 Mailchimp customer accounts. However, the business says there is no evidence currently that the compromise affected Intuit systems “or customer data beyond these accounts.”
“After we identified evidence of an unauthorized actor, we temporarily suspended account access for Mailchimp accounts where we detected suspicious activity to protect our users’ data,” said Mailchimp in a statement.
One of the 133 accounts belongs to WooCommerce, provider of an open-source e-commerce plugin for WordPress, as first noted by TechCrunch. The business has subsequently written to its own clients to confirm that some of their details – name, store URL, address and email – were exposed.