Mailchimp Says an Internal Tool Was Used To Breach Hundreds of Accounts

Email marketing giant Mailchimp has confirmed a data breach after malicious hackers compromised an internal company tool to gain access to customer accounts. From a report: In a statement given to TechCrunch, Mailchimp CISO Siobhan Smyth said the company became aware of the intrusion on March 26 after it identified a malicious actor accessing a tool used by the company's customer support and account administration teams. Access was gained following a successful social engineering attack, a type of attack that exploits human error and uses manipulation techniques to gain private information, access or valuables. "We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected," Smyth said.

Let me be the first to say...

[ZiggyZiggyZig]

Well I for one do not welcome our compromised spamming overlords!

Oh shit

[Anonymous Coward]

My MailChimp account is where I keep the login to my Cayman Island bank accounts!!!!

How could this happen?

[Tablizer]

...it's not like the company is ran by a bunch of chimps...oh wait

Log4j like issue?

[Joe_Dragon]

Log4j like issue?

Re:

[gweihir]

Social engineering. Meaning somebody was really stupid or processes are so broken a lot of people get way more access and permissions than they should have.

Incidentally one of the first things an IT Security audit would look at.

Customers of hacked MAIL MARKETING company

[Rosco P. Coltrane]

get no sympathy from me.

Re:

[ISoldat53]

Just in time for their marketing blitz on utube and tv.

Perhaps such a tool should not exist?

[stanbrown]

If you REALLY want to protect customer privacy, perhaps you should not create tools to violate it?

Fortunately they already planned for this

[MysteriousPreacher]

By banning people they disagree with they help lessen the number of victims affected in these attacks. Other companies could learn a lesson here, perhaps policing unauthorised opinions on or off their services.

My only criticism is the protection being focussed on the right. Maybe a more neutral stance would be better?

So this is why Iâ(TM)m getting so much more s

[snapsnap]

This sucks. Makes it hard to find legitimate email.

Correction:

[Gravis Zero]

In a statement given to TechCrunch, Mailchimp CISO Siobhan Smyth said the company became aware of the intrusion on March 26 after it identified a different malicious actor accessing a tool used by the company's customer support and account administration teams.

Just because Mailchimp's actions are technically legal doesn't mean that they aren't a malicious actor.

In Soviet Russia, MAILCHIMP spams YOU!

[mmell]

...because someone had to say it.