Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

DigitalOcean Discloses Impact From Recent Mailchimp Cyberattack

Cloud infrastructure provider DigitalOcean this week announced that the email addresses of some of its customers might have been impacted in a recent cyberattack targeting Mailchimp.

Cloud infrastructure provider DigitalOcean this week announced that the email addresses of some of its customers might have been impacted in a recent cyberattack targeting Mailchimp.

On Friday, the marketing platform Mailchimp announced that it had suspended some accounts in response to a cyberattack targeting its cryptocurrency-related users via “sophisticated phishing and social engineering tactics”.

Mailchimp says that it suspended accounts to protect user data, that 214 accounts were impacted, and that it “acted quickly to notify all primary contacts of impacted accounts and implement an additional set of enhanced security measures.”

DigitalOcean, however, says it discovered the compromise of its Mailchimp account roughly a week ago, when its account was abruptly suspended without a notification from Mailchimp.

According to the company, a notification that eventually arrived from Mailchimp claimed that the account had been suspended for violating terms of use, and that it was only after it established communication with Mailchimp that the cyberattack was officially confirmed.

“We were formally notified on August 10th by Mailchimp of the unauthorized access to our and other accounts by what we understand to be an attacker who had compromised Mailchimp internal tooling,” DigitalOcean says.

At that time, the cloud services provider had already launched an investigation into the incident, after being notified by a customer that their password had been reset.

The compromise of the Mailchimp account led to certain DigitalOcean customer email addresses being exposed, and to follow-up attempts to access a limited set of DigitalOcean accounts via password resets.

Advertisement. Scroll to continue reading.

The company notes that the attempts were performed from the same IP address, but that not all password resets were successful. In some cases, even after successfully resetting the passwords, the attackers were unable to access the accounts due to second-factor authentication.

“Our security incident response team took action to secure these accounts and have communicated separately with these customers from our broader notification about email address exposure. We can confirm the attacks against DigitalOcean customer account passwords stopped after August 7,” the company says.

DigitalOcean also says that it had moved “critical services away from Mailchimp to another email service provider” even before the marketing platform had formally acknowledged the cyberattack.

“Additionally, related but not as a direct result of this incident, we are evaluating two-factor authentication on-by-default for all DigitalOcean customer accounts,” the company says.

It’s worth noting that this was the second cyberattack that Mailchimp fell victim to over the past four months, and also the second time crypto-related entities see their accounts with the marketing platform suspended.

Related: Signal Discloses Impact From Twilio Hack

Related: Microsoft: 10,000 Organizations Targeted in Large-Scale Phishing Campaign

Related: Microsoft, Okta Confirm Data Breaches Involving Compromised Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.