Mailchimp Says It Was Breached and User Accounts Accessed
(Bloomberg) -- The email marketing company Mailchimp said its network was breached following a social engineering attack.
An intruder viewed 319 Mailchimp accounts and audience data was exported from 102 of them, Siobhan Smyth, chief information security officer, said in a statement. Mailchimp software is used by publishers and companies to compose newsletters and send promotional messages to customers. Smyth didn’t identify the clients affected.
Mailchimp’s security team became aware that a malicious actor had accessed an internal tool used by customer-facing teams for support and account administration, Smyth said. The attacker conducted a successful social engineering attack on Mailchimp employees, resulting in credentials being compromised, she said.
The hacker on April 2 attempted to send a phishing campaign to a user’s contacts with details they obtained in a March 26 incident, the company said.
“Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance,” Smyth said.
Mailchimp has since received reports that the hacker was using the information obtained from user accounts to send phishing campaigns to their contacts.
Intuit Inc., the maker of TurboTax and QuickBooks software, acquired Mailchimp for $12 billion in cash and stock last year.
(Updated throughout to include details released by Mailchimp.)
©2022 Bloomberg L.P.