Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.

Marketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration.

According to Mailchimp, the hacker targeted employees and contractors in a social engineering attack and used compromised employee credentials to gain access to some Mailchimp accounts.

“Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” the company said in a notice published on its website.

In response to the breach, Mailchimp suspended access for the targeted accounts and notified impacted customers.

Some of those customers have started informing their own customers about the incident. One of the first to do so was WooCommerce, the WordPress ecommerce plugin made by Automattic, the company behind WordPress.com.

WooCommerce uses Mailchimp to send emails to customers and its account was one of the 133 that were impacted by the breach.

WooCommerce told customers that some of the information they shared may have been exposed, including name, URL, address, and email address. Passwords, payment data or other sensitive information was not exposed, nor was any store using WooCommerce.

Advertisement. Scroll to continue reading.

Online gambling service FanDuel has also informed customers that their name and email address may have been compromised. The FanDuel notification says the incident involved a third-party technology vendor and does not name Mailchimp.

The Solana Foundation, the nonprofit behind the Solana blockchain and cryptocurrency network, was also impacted and it did name Mailchimp in its notification to customers.

In the case of Solana, exposed information included names, email addresses and Telegram usernames.

Yuga Labs, a blockchain technology company that develops NFTs and digital collectibles, best known for the Bored Ape Yacht Club NFT collection, also confirmed being hit by the Mailchimp breach. Yuga Labs said it only used the service for limited purposes and there was no evidence that data from its Mailchimp account was exported.

Mailchimp claims to have 13 million active customers around the world. This is not the first time the company has announced suffering a breach in recent months. In August 2022, it suspended some accounts following a cyberattack targeting some of its cryptocurrency-related customers.

A few hundred Mailchimp customers were hit at the time, including DigitalOcean, which was not happy with the way the email marketing company handled the incident.

Mailchimp also discovered a security incident in March 2022.

Related: Breached American Airlines Email Accounts Abused for Phishing

Related: Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.