
Over 100 Mailchimp accounts compromised in social engineering hack

It’s probably a truism that if you’ve been hacked before, you’ll be hacked again eventually, which is something that email marketing company Mailchimp is finding out. This week, the company announced that 133 Mailchimp accounts had been compromised.

David Hollingworth
Thu, 19 Jan 2023

And not by malware or ransomware, but by good old-fashioned social engineering.

The incident occurred on 11 January, when Mailchimp’s security team found someone using their internal tools who had no business using them. Whoever it was, Mailchimp reports, appears to have successfully tricked contractors or employees, potentially both, and so gained access to the same software used by Mailchimp’s customer support teams.

“There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts,” according to Mailchimp.

Intuit is Mailchimp’s parent company.

Once the unauthorised access had been spotted, Mailchimp acted commendably fast. It suspended every account on which it had seen suspicious activity, and notified all affected users within 24 hours of detection.

“That afternoon, we sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely,” Mailchimp said in an announcement. “Since then, we’ve been working with our users directly to help them reinstate their accounts, answer questions, and provide any additional support they need.”

Hopefully, this breach won’t be as potentially costly as a previous incident from April 2022.

Last year, 100 Mailchimp accounts belonging to companies and individuals involved in crypto trading were compromised, which in turn led to a number of successful, and very damaging, phishing attacks.

Following that, a class action suit worth millions of dollars was launched against the company, with the lead plaintiff claiming to have lost about US$82,000.

In that case, it was a phishing attack that compromised Mailchimp’s systems, but clearly the company’s cyber security training still leaves a lot to be desired.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
