Mailchimp Pwned AGAIN

Last year, Mailchimp got pwned by hackers. And there was some collateral damage along the way. Fast forward to today and Mailchimp is admitting that they’ve been pwned again and that dozens of customers’ data was exposed:

It’s the second time the company was hacked in the past six months. Worse, this breach appears to be almost identical to a previous incident. Mailchimp said in an unattributed blog post that its security team detected an intruder on January 11 accessing one of its internal tools used by Mailchimp customer support and account administration, though the company did not say for how long the intruder was in its systems, if known. Mailchimp said the hacker targeted its employees and contractors with a social engineering attack. The hacker then used those compromised employee passwords to gain access to data on 133 Mailchimp accounts, which the company notified of the intrusion. One of those targeted accounts belongs to e-commerce giant WooCommerce. In a note to customers, WooCommerce said it was notified by Mailchimp a day later that the breach may have exposed the names, store web addresses and email addresses of its customers, though it said no customer passwords or other sensitive data was taken.

At this point, it is clear that Mailchimp is not a company that you can rely upon, as two hacks within one year is not a good look, to say the least. Thus, if you’re a Mailchimp customer, you might want to consider taking your business elsewhere, to someone who is more secure. Or at least to someone who doesn’t get pwned as often as Mailchimp seems to.
