SecurityWeek

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.

Marketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration.

According to Mailchimp, the hacker targeted employees and contractors in a social engineering attack and used compromised employee credentials to gain access to some Mailchimp accounts.

“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” the company said in a notice published on its website.

In response to the breach, Mailchimp suspended access for the targeted accounts and notified impacted customers.

Some of those customers have started informing their own customers about the incident. One of the first to do so was WooCommerce, the WordPress ecommerce plugin made by Automattic, the company behind WordPress.com.

WooCommerce uses Mailchimp to send emails to customers and its account was one of the 133 that were impacted by the breach.

WooCommerce told customers that some of the information they shared may have been exposed, including name, URL, address, and email address. Passwords, payment data and other sensitive information were not exposed, nor was any store using WooCommerce.

Online gambling service FanDuel has also informed customers that their name and email address may have been compromised. The FanDuel notification says the incident involved a third-party technology vendor and does not name Mailchimp.

The Solana Foundation, the nonprofit behind the Solana blockchain and cryptocurrency network, was also impacted and it did name Mailchimp in its notification to customers.

In the case of Solana, exposed information included names, email addresses and Telegram usernames.

Yuga Labs, a blockchain technology company that develops NFTs and digital collectibles, best known for the Bored Ape Yacht Club NFT collection, also confirmed being hit by the Mailchimp breach. Yuga Labs said it only used the service for limited purposes and there was no evidence that data from its Mailchimp account was exported.

Mailchimp claims to have 13 million active customers around the world. This is not the first time the company has announced suffering a breach in recent months. In August 2022, it suspended some accounts following a cyberattack targeting some of its cryptocurrency-related customers.

A few hundred Mailchimp customers were hit at the time, including DigitalOcean, which was not happy with the way the email marketing company handled the incident.

Mailchimp also discovered a security incident in March 2022.

Related: Breached American Airlines Email Accounts Abused for Phishing

Related: Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
