Security Experts:

Connect with us

Hi, what are you looking for?



DigitalOcean Discloses Impact From Recent Mailchimp Cyberattack

Cloud infrastructure provider DigitalOcean this week announced that the email addresses of some of its customers might have been impacted in a recent cyberattack targeting Mailchimp.

Cloud infrastructure provider DigitalOcean this week announced that the email addresses of some of its customers might have been impacted in a recent cyberattack targeting Mailchimp.

On Friday, the marketing platform Mailchimp announced that it had suspended some accounts in response to a cyberattack targeting its cryptocurrency-related users via “sophisticated phishing and social engineering tactics”.

Mailchimp says that it suspended accounts to protect user data, that 214 accounts were impacted, and that it “acted quickly to notify all primary contacts of impacted accounts and implement an additional set of enhanced security measures.”

DigitalOcean, however, says it discovered the compromise of its Mailchimp account roughly a week ago, when its account was abruptly suspended without a notification from Mailchimp.

According to the company, a notification that eventually arrived from Mailchimp claimed that the account had been suspended for violating terms of use, and that it was only after it established communication with Mailchimp that the cyberattack was officially confirmed.

“We were formally notified on August 10th by Mailchimp of the unauthorized access to our and other accounts by what we understand to be an attacker who had compromised Mailchimp internal tooling,” DigitalOcean says.

At that time, the cloud services provider had already launched an investigation into the incident, after being notified by a customer that their password had been reset.

The compromise of the Mailchimp account led to certain DigitalOcean customer email addresses being exposed, and to follow-up attempts to access a limited set of DigitalOcean accounts via password resets.

The company notes that the attempts were performed from the same IP address, but that not all password resets were successful. In some cases, even after successfully resetting the passwords, the attackers were unable to access the accounts due to second-factor authentication.

“Our security incident response team took action to secure these accounts and have communicated separately with these customers from our broader notification about email address exposure. We can confirm the attacks against DigitalOcean customer account passwords stopped after August 7,” the company says.

DigitalOcean also says that it had moved “critical services away from Mailchimp to another email service provider” even before the marketing platform had formally acknowledged the cyberattack.

“Additionally, related but not as a direct result of this incident, we are evaluating two-factor authentication on-by-default for all DigitalOcean customer accounts,” the company says.

It’s worth noting that this was the second cyberattack that Mailchimp fell victim to over the past four months, and also the second time crypto-related entities see their accounts with the marketing platform suspended.

Related: Signal Discloses Impact From Twilio Hack

Related: Microsoft: 10,000 Organizations Targeted in Large-Scale Phishing Campaign

Related: Microsoft, Okta Confirm Data Breaches Involving Compromised Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...