DigitalOcean Discloses Impact From Recent Mailchimp Cyberattack

Cloud infrastructure provider DigitalOcean this week announced that the email addresses of some of its customers might have been impacted in a recent cyberattack targeting Mailchimp.

On Friday, the marketing platform Mailchimp announced that it had suspended some accounts in response to a cyberattack targeting its cryptocurrency-related users via “sophisticated phishing and social engineering tactics”.

Mailchimp says that it suspended accounts to protect user data, that 214 accounts were impacted, and that it “acted quickly to notify all primary contacts of impacted accounts and implement an additional set of enhanced security measures.”

DigitalOcean, however, says it discovered the compromise of its Mailchimp account roughly a week ago, when its account was abruptly suspended without a notification from Mailchimp.

According to the company, a notification that eventually arrived from Mailchimp claimed that the account had been suspended for violating terms of use, and that it was only after it established communication with Mailchimp that the cyberattack was officially confirmed.

“We were formally notified on August 10th by Mailchimp of the unauthorized access to our and other accounts by what we understand to be an attacker who had compromised Mailchimp internal tooling,” DigitalOcean says.

At that time, the cloud services provider had already launched an investigation into the incident, after being notified by a customer that their password had been reset.

The compromise of the Mailchimp account led to certain DigitalOcean customer email addresses being exposed, and to follow-up attempts to access a limited set of DigitalOcean accounts via password resets.

The company notes that the attempts were performed from the same IP address, but that not all password resets were successful. In some cases, even after successfully resetting the passwords, the attackers were unable to access the accounts due to second-factor authentication.

“Our security incident response team took action to secure these accounts and have communicated separately with these customers from our broader notification about email address exposure. We can confirm the attacks against DigitalOcean customer account passwords stopped after August 7,” the company says.

DigitalOcean also says that it had moved “critical services away from Mailchimp to another email service provider” even before the marketing platform had formally acknowledged the cyberattack.

“Additionally, related but not as a direct result of this incident, we are evaluating two-factor authentication on-by-default for all DigitalOcean customer accounts,” the company says.

It’s worth noting that this was the second cyberattack that Mailchimp fell victim to over the past four months, and also the second time crypto-related entities see their accounts with the marketing platform suspended.

Related: Signal Discloses Impact From Twilio Hack

Related: Microsoft: 10,000 Organizations Targeted in Large-Scale Phishing Campaign

Related: Microsoft, Okta Confirm Data Breaches Involving Compromised Accounts